{"resultsPerPage":474,"startIndex":0,"totalResults":474,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-30T20:35:46.194","vulnerabilities":[{"cve":{"id":"CVE-1999-0511","sourceIdentifier":"cve@mitre.org","published":"1997-01-01T05:00:00.000","lastModified":"2026-05-28T18:16:20.797","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IP forwarding is enabled on a machine which is not a router or firewall."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*","matchCriteriaId":"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*","matchCriteriaId":"ED27882B-A02A-4D5F-9117-A47976C676E0"}]}]}],"references":[{"url":"https://www.cve.org/CVERecord?id=CVE-1999-0511","source":"cve@mitre.org"},{"url":"https://www.cve.org/CVERecord?id=CVE-1999-0511","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-1999-0517","sourceIdentifier":"cve@mitre.org","published":"1997-01-01T05:00:00.000","lastModified":"2026-05-28T18:16:21.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An SNMP community name is the default (e.g. public), null, or missing."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:hp-ux:10:*:*:*:*:*:*:*","matchCriteriaId":"CC96D014-7CE2-4F61-BBAF-507829C542EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*","matchCriteriaId":"771931F7-9180-4EBD-8627-E1CF17D24647"},{"vulnerable":true,"criteria":"cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*","matchCriteriaId":"C1370216-93EB-400F-9AA6-CB2DC316DAA7"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0517","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0517","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-244","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-244/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-1999-0524","sourceIdentifier":"cve@mitre.org","published":"1997-08-01T04:00:00.000","lastModified":"2026-05-28T18:16:21.263","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts."},{"lang":"es","value":"Información ICMP como (1) máscara de red y (2) marca de tiempo está permitida desde hosts arbitrarios."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*","matchCriteriaId":"B6230A85-30D2-4934-A8A0-11499B7B09F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*","matchCriteriaId":"F480AA32-841A-4E68-9343-B2E7548B0A0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:hp:tru64:-:*:*:*:*:*:*:*","matchCriteriaId":"06E97148-F1B2-40FB-9C98-AB9FBE867DE7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:os2:-:*:*:*:*:*:*:*","matchCriteriaId":"602ECD33-560E-4CDD-8396-7B6EC002C10A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*","matchCriteriaId":"61BD8560-99BE-46E5-8366-7CD9CD3427E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*","matchCriteriaId":"F5027746-8216-452D-83C5-2F8E9546F2A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:sco:sco_unix:-:*:*:*:*:*:*:*","matchCriteriaId":"97A1D7CF-430A-4348-AC21-DB4BA7FD59F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:sgi:irix:-:*:*:*:*:*:*:*","matchCriteriaId":"1B522A89-5F4E-4BA1-8AAF-2613C3A6CEE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:bsdos:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B43723-26A2-40E5-8B2D-B8747CEEA274"}]}]}],"references":[{"url":"http://descriptions.securescout.com/tc/11010","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://descriptions.securescout.com/tc/11011","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.osvdb.org/95","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/306","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/322","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10053","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://descriptions.securescout.com/tc/11010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://descriptions.securescout.com/tc/11011","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.osvdb.org/95","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/306","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/322","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10053","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://support.f5.com/csp/article/K15277","source":"af854a3a-2127-422b-91ae-364da2661108"}],"vendorComments":[{"organization":"Red Hat","comment":"Red Hat Enterprise Linux is configured by default to respond to all ICMP requests. Users may configure the firewall to prevent a system from responding to certain ICMP requests.","lastModified":"2010-01-05T00:00:00"}]}},{"cve":{"id":"CVE-1999-0632","sourceIdentifier":"cve@mitre.org","published":"1999-01-01T05:00:00.000","lastModified":"2026-05-28T18:16:21.613","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The RPC portmapper service is running."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:N","baseScore":0.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":10.0,"impactScore":0.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.cve.org/CVERecord?id=CVE-1999-0632","source":"cve@mitre.org"},{"url":"https://www.cve.org/CVERecord?id=CVE-1999-0632","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorSolution":"The RPC portmapper service is an unsecured protocol for Internet facing systems and should only be used on a trusted network segment, otherwise disabled.  The software should be patched and configured properly.","evaluatorImpact":"This Common Vulnerabilities and Exposures (CVE) entry is a configuration issue and not a software flaw. As such, it doesn’t fit in the CVE software flaw list. The Common Vulnerability Scoring System (CVSS) base score for this CVE entry has been set to 0 because this CVE entry has no impact as a software flaw according to CVSS. This does not mean that the configuration issue is not important and there may be security implications relative to computers having this configuration."}},{"cve":{"id":"CVE-2004-2320","sourceIdentifier":"cve@mitre.org","published":"2004-12-31T05:00:00.000","lastModified":"2026-05-28T19:16:21.473","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:*:express:*:*:*:*:*","matchCriteriaId":"A8F69E7A-8BBB-4D20-AEE9-F37155AD5C3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:*:win32:*:*:*:*:*","matchCriteriaId":"F119CDFF-214B-42E3-AF10-D8172D4A18E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp1:*:*:*:*:*:*","matchCriteriaId":"2B393A66-08A6-4EBA-B01E-BB6418423F79"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp1:express:*:*:*:*:*","matchCriteriaId":"0FAB4F19-EFE0-4860-B9E9-E3938A36AE17"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp1:win32:*:*:*:*:*","matchCriteriaId":"56955D93-989A-4746-A3FC-1C99A749FAAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp10:*:*:*:*:*:*","matchCriteriaId":"B2B4C4E8-2862-457F-BDCC-3F54B8F7AADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp10:express:*:*:*:*:*","matchCriteriaId":"16324B74-4143-473D-858F-B5B1899822B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp10:win32:*:*:*:*:*","matchCriteriaId":"6ABD1B84-730D-479B-BB39-98C7D5C2373D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp11:*:*:*:*:*:*","matchCriteriaId":"47974FFB-1B28-492B-9A83-78AF16CF62CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp11:express:*:*:*:*:*","matchCriteriaId":"DFA4200B-3877-4FC9-B2AB-E51675CAD71F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp11:win32:*:*:*:*:*","matchCriteriaId":"9787A30B-B85C-4434-AE28-03F5B5C8DEBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*","matchCriteriaId":"6F27425D-1754-44AE-A4B5-F27D5FA6A052"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp12:express:*:*:*:*:*","matchCriteriaId":"B1C2B98A-EF68-4569-B50C-8F21D2298435"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp12:win32:*:*:*:*:*","matchCriteriaId":"F80AE1DC-B4B6-4E8C-A199-BFF64B0563F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp13:*:*:*:*:*:*","matchCriteriaId":"034C62E6-3598-4D66-A0BD-8BD2E67048C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp13:express:*:*:*:*:*","matchCriteriaId":"7D5A058C-D9DD-4B78-815E-40E27EC1C6BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp13:win32:*:*:*:*:*","matchCriteriaId":"73589C92-14F1-494E-B264-A632A03DFCCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*","matchCriteriaId":"99D0A3A8-1444-4DA4-AEF3-08578482574C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp2:express:*:*:*:*:*","matchCriteriaId":"8B0B183B-95A3-463D-B76B-50640F554013"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp2:win32:*:*:*:*:*","matchCriteriaId":"FD3C09F5-6E4A-43C4-8AEB-7DBBDE9DCC33"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp3:*:*:*:*:*:*","matchCriteriaId":"523836A4-0110-4CD3-A81E-988A02AEA68C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp3:express:*:*:*:*:*","matchCriteriaId":"36A0EFDA-409E-44F0-9F8B-167A72D2361B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp3:win32:*:*:*:*:*","matchCriteriaId":"8ACD6465-6904-4F6B-92F0-02078D0B41BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*","matchCriteriaId":"A705EB67-3961-445F-8023-F82C7618BE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:*:*:*:*:*","matchCriteriaId":"51A8AB95-FB23-4A7A-A6F5-EF442EAABD26"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:*:*:*:*:*","matchCriteriaId":"BDF43AB2-1778-4B6D-B766-FF71DBE3C0A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp5:*:*:*:*:*:*","matchCriteriaId":"BD698DD8-5491-4A73-A527-8C9228992A2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp5:express:*:*:*:*:*","matchCriteriaId":"5F00947F-1804-41D5-8F2B-7E48C77B1306"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp5:win32:*:*:*:*:*","matchCriteriaId":"13C06026-2AC9-4419-A7B8-9F0ECDD8DBD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*","matchCriteriaId":"86C4679F-F13F-4A97-AE42-BC54BD0F149C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*","matchCriteriaId":"114E5E3E-84B2-4DD3-98FC-2ABFFA41BAD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:*:*:*:*:*","matchCriteriaId":"883ABAC3-3D2D-4D1A-8125-96A7CC0CE93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp7:*:*:*:*:*:*","matchCriteriaId":"EF96A26E-7284-43A0-BD6A-907E1029197D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp7:express:*:*:*:*:*","matchCriteriaId":"9B6656CF-65ED-4F8E-B9F2-75A9DC1571D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp7:win32:*:*:*:*:*","matchCriteriaId":"0DDF3D79-F7B0-4FB2-B22C-B432BDC24B04"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp8:*:*:*:*:*:*","matchCriteriaId":"C8479B6C-464F-41BC-BF81-31EA74CEF4D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp8:express:*:*:*:*:*","matchCriteriaId":"7C013AE2-4B06-437A-815F-FAADD28CFA85"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp8:win32:*:*:*:*:*","matchCriteriaId":"F13D9A20-173F-46AB-8473-E69F6D617112"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp9:*:*:*:*:*:*","matchCriteriaId":"B08241CF-0F3D-44E2-8D72-4F98413933EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp9:express:*:*:*:*:*","matchCriteriaId":"D7306C09-BFBA-4DC0-8EA1-E5A5C0BC080F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp9:win32:*:*:*:*:*","matchCriteriaId":"BC28783D-34C6-49B7-A02F-059DED18E71D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*","matchCriteriaId":"1FDCF6AE-43DC-4AE5-9260-CA657F40BE77"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*","matchCriteriaId":"05AFBE78-C611-4EA2-8B00-5F8B61696CBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*","matchCriteriaId":"AC5439C1-D06F-44C6-94F5-2BD8598A506C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*","matchCriteriaId":"5DFE26B3-31F2-4FC0-854D-56EA4D08C28A"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*","matchCriteriaId":"C3B7752C-B297-480A-B3FC-948EA081670C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*","matchCriteriaId":"E40C38EC-ECA4-4F0C-8468-16191CDB9997"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*","matchCriteriaId":"63017BF8-D681-45EC-9C31-09D029F1126D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*","matchCriteriaId":"71892EC0-E6B1-4214-AC53-06489F711829"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*","matchCriteriaId":"C4FD8871-680E-40F9-85AB-417B5195D4BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*","matchCriteriaId":"8E0B1791-974A-4967-8CF9-33BE8183200B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*","matchCriteriaId":"696F52AE-FEB9-4090-872E-FDFD969F5604"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*","matchCriteriaId":"2B4BC3F5-BFE8-4834-B427-B6260D5B7A85"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*","matchCriteriaId":"7B12A8B1-F78E-46B3-8872-4C6484345477"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*","matchCriteriaId":"DCED03B6-7565-4F53-8D85-F3391BF66988"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*","matchCriteriaId":"D2FE768F-363B-49BC-8410-739B164FB32E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*","matchCriteriaId":"CB2FB0E9-3812-49C5-94F4-3B39D5BE2EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*","matchCriteriaId":"B70F0353-635F-465B-A7E5-AF2D017AB008"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*","matchCriteriaId":"D3DA28D0-18CC-4F99-AABB-EC7863CBD455"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*","matchCriteriaId":"6B091903-943F-4822-9F24-9D109B2D76A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*","matchCriteriaId":"CE1D6EE4-8545-4D0A-A50B-C8009F054DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"F9C5AFCF-79D8-4005-B800-B0C6BD461276"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*","matchCriteriaId":"FBDF3AC0-0680-4EEE-898C-47D194667BE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*","matchCriteriaId":"8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*","matchCriteriaId":"6828CE4B-91E8-4688-977F-DC7BC21131C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*","matchCriteriaId":"BBDB9094-78E8-4CBF-9F5F-321D5174F1EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*","matchCriteriaId":"9CD2BB36-AC0B-48E9-91E1-A4465896E87A"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*","matchCriteriaId":"E141AA86-C6D0-4FA8-9268-0FB0635DF9CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*","matchCriteriaId":"6FB8930F-C6D8-40B9-8D08-751F5B47229B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*","matchCriteriaId":"A5C59B80-279B-45B3-9CC1-5A263681025B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*","matchCriteriaId":"893D9D88-43C4-4F9F-A364-0585DE6FA9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*","matchCriteriaId":"D59F9859-7344-43F0-9348-E57FABB9E431"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*","matchCriteriaId":"D2D05BAB-AB3B-466E-8301-01A41644DE77"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*","matchCriteriaId":"D34E2925-DE2A-437F-B349-BD7103F4C37E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*","matchCriteriaId":"0A4EC87D-EF83-48C5-B516-A6A482D9F525"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*","matchCriteriaId":"935F28E3-9799-4EF6-AB83-62E9C214DD0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*","matchCriteriaId":"E08D4CEA-9ACC-4869-BC87-3524A059914F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*","matchCriteriaId":"ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*","matchCriteriaId":"A3DFE048-905E-4890-809D-F6BCEF7F83C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*","matchCriteriaId":"6F5B2A06-CE19-4A57-9566-09FC1E259CDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*","matchCriteriaId":"F7560131-A6AC-4BBB-AA2D-C7C63AB51226"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*","matchCriteriaId":"349036A0-B5E2-4656-8D2D-26BEE9EF9DFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*","matchCriteriaId":"D18E22CC-A0FC-4BC7-AD39-2645F57486C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*","matchCriteriaId":"893C2387-03E3-4F8E-9029-BC64C64239EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*","matchCriteriaId":"D00633D1-4B38-48D9-B5CD-E8D66EA90599"}]}]}],"references":[{"url":"http://dev2dev.bea.com/pub/advisory/68","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://secunia.com/advisories/10726","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/867593","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.osvdb.org/3726","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/9506","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959","source":"cve@mitre.org"},{"url":"http://dev2dev.bea.com/pub/advisory/68","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://secunia.com/advisories/10726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/867593","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.osvdb.org/3726","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/9506","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959","source":"af854a3a-2127-422b-91ae-364da2661108"}],"vendorComments":[{"organization":"Red Hat","comment":"The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.\n\nFor more information please see:\nhttp://www.apacheweek.com/issues/03-01-24#news","lastModified":"2008-03-05T00:00:00"}]}},{"cve":{"id":"CVE-2008-4309","sourceIdentifier":"secalert@redhat.com","published":"2008-10-31T20:29:09.497","lastModified":"2026-05-28T19:16:22.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,  related to the number of responses or repeats."},{"lang":"es","value":"El código getbulk en net-snmp 5.4 antes de v5.4.2.1, 5.3 antes de v5.3.2.3, y 5.2 antes de v5.2.5.1 permite a atacantes remotos   provocar una denegación de servicio (caída) mediante vectores relacionados con el número de respuestas o repeticiones."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*","matchCriteriaId":"6F129CD3-B1ED-4FF4-8A86-2F76898E8915"},{"vulnerable":true,"criteria":"cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"53505415-38BE-4EDC-824E-B64B5BF5B0D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*","matchCriteriaId":"950BC4AA-60A3-4512-A452-F205FF843C29"}]}]}],"references":[{"url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html","source":"secalert@redhat.com"},{"url":"http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html","source":"secalert@redhat.com"},{"url":"http://marc.info/?l=bugtraq&m=125017764422557&w=2","source":"secalert@redhat.com"},{"url":"http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/32539","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/32560","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/32664","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/32711","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33003","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33095","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33631","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33746","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/33821","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/35074","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/35679","source":"secalert@redhat.com"},{"url":"http://security.gentoo.org/glsa/glsa-200901-15.xml","source":"secalert@redhat.com"},{"url":"http://sourceforge.net/forum/forum.php?forum_id=882903","source":"secalert@redhat.com"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1","source":"secalert@redhat.com"},{"url":"http://support.apple.com/kb/HT3549","source":"secalert@redhat.com"},{"url":"http://support.apple.com/kb/HT4298","source":"secalert@redhat.com"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm","source":"secalert@redhat.com"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315","source":"secalert@redhat.com"},{"url":"http://www.debian.org/security/2008/dsa-1663","source":"secalert@redhat.com"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:225","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2008/10/31/1","source":"secalert@redhat.com"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0971.html","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/archive/1/498280/100/0/threaded","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/32020","source":"secalert@redhat.com"},{"url":"http://www.securitytracker.com/id?1021129","source":"secalert@redhat.com"},{"url":"http://www.ubuntu.com/usn/usn-685-1","source":"secalert@redhat.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html","source":"secalert@redhat.com","tags":["US Government Resource"]},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0001.html","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2008/2973","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2008/3400","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/0301","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/1297","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/1771","source":"secalert@redhat.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46262","source":"secalert@redhat.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171","source":"secalert@redhat.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353","source":"secalert@redhat.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860","source":"secalert@redhat.com"},{"url":"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=bugtraq&m=125017764422557&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/32539","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32560","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32664","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32711","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33003","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33095","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33631","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33746","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33821","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/35074","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/35679","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://security.gentoo.org/glsa/glsa-200901-15.xml","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://sourceforge.net/forum/forum.php?forum_id=882903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262908-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.apple.com/kb/HT3549","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.apple.com/kb/HT4298","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-467.htm","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0315","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2008/dsa-1663","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:225","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2008/10/31/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0971.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/498280/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/32020","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1021129","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/usn-685-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-133A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/2973","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/3400","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/0301","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/1297","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/1771","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46262","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6171","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6353","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9860","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2008-5161","sourceIdentifier":"cve@mitre.org","published":"2008-11-19T17:30:00.670","lastModified":"2026-05-28T19:16:22.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors."},{"lang":"es","value":"Error en el manejo del protocolo SSH en (1) SSH Tectia Client y Server y Connector 4v.0 a la v4.4.11, v5.0 a la v5.2.4, y v5.3 a la v5.3.8; Client y Server y ConnectSecure v6.0 a la v6.0.4; Server para Linux sobre IBM System z v6.0.4; Server para IBM z/OS v5.5.1 y anteriores, v6.0.0, y v6.0.1; y Client v4.0-J a la v4.3.3-J y v4.0-K a la v4.3.10-K; y (2) OpenSSH v4.7p1 y posiblemente otras versiones, cuando usan un  algoritmo de bloque  cifrado en el modo Cipher Block Chaining (CBC), facilita a los atacantes remotos el conseguir cierta información en texto plano desde cualquier bloque de texto cifrado de su elección en una sessión SSH mediante vectores de ataque desconocidos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-329"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*","matchCriteriaId":"3B042083-6D26-4A91-B3F6-E6D46266FF60"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*","matchCriteriaId":"6693DC2D-CDA1-4E37-9569-58874F55A48A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"16CDE975-9E08-493B-9385-3EC2CABC4A15"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8A63EA6B-2400-48C4-924D-3509971CCBEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"0658F08E-2596-4D8E-91AA-44A9DBE8F151"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"74169893-A34F-49FB-8C83-36C4AA808925"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*","matchCriteriaId":"013E94CC-AF68-44D0-826F-28B1825A8DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"C9981E30-0D54-4464-8287-E450E7E8F770"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*","matchCriteriaId":"4ED17577-F56D-48DF-8863-B4FF039C47D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B74A91E2-C93E-49F4-B349-8E4CEC285C03"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*","matchCriteriaId":"FBF7244A-BFF7-4C7C-82FF-6B53236DB86D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"5BADA4CC-FC94-427A-AF93-9AAFDAADDB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.2j:*:*:*:*:*:*:*","matchCriteriaId":"1356E837-2CF3-4AF9-80DD-FA2A97B3B2F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F1D6B7F-8B52-42C0-8613-740CACFB3463"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"D5024EC6-2A47-4ACE-A661-B78D314C7D0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"FA64A6E8-0EB7-4BCA-A7AA-245A466C2F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"5058DC44-835D-4BD9-B550-E5CB22F6475F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"23ED4911-6CF5-4562-B421-A328D7BE0291"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*","matchCriteriaId":"E7F3388A-39FA-4A3A-819A-764A16AAEB54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.3.9k:*:*:*:*:*:*:*","matchCriteriaId":"C90B0480-C558-41BD-A16C-AD63DA1C09C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*","matchCriteriaId":"81DDF3D8-35EA-4677-B1AC-1CA674EEBCD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"F37366E9-F1B6-4458-AE1C-790405AC8740"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"8C727829-5E3A-41F6-BAB3-01AED39674D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"1CF57477-FB53-49CC-BAD4-CDC0FD9363F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"65FB72FC-37EE-4D42-893E-9C0924EEA2E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.6:*:*:*:*:*:*:*","matchCriteriaId":"D863ED8D-2B63-4497-B250-6AFA29D6D9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.7:*:*:*:*:*:*:*","matchCriteriaId":"D2BF5D4C-DFF8-4094-82A6-A1302169CD43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.8:*:*:*:*:*:*:*","matchCriteriaId":"F5C5413C-47F1-4E3B-B618-2AECECA780FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.9:*:*:*:*:*:*:*","matchCriteriaId":"490A294D-AB7C-45C2-B887-1C3D2992AD91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.10:*:*:*:*:*:*:*","matchCriteriaId":"43712853-9002-4778-9036-754262880B3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:4.4.11:*:*:*:*:*:*:*","matchCriteriaId":"41A83090-D05D-40DD-AA29-F032CC165A9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C5BCE145-44F4-4FED-8936-3AEBF8B38357"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.0f:*:*:*:*:*:*:*","matchCriteriaId":"888C2DE3-2874-4310-9584-3AC96A82C306"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FB6587AA-E91D-4194-81D0-FCF1AA382CAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.1f:*:*:*:*:*:*:*","matchCriteriaId":"237D84A0-3FC3-4CFD-9454-ACD9E42DCC4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A6B2C7F5-8182-48B8-AA8A-C0F45978D3D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.2f:*:*:*:*:*:*:*","matchCriteriaId":"F5EAC7A0-CD7D-4AE9-8421-9CDFFD073B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"17855D5D-BDF5-48D3-9D71-694A3D41A826"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.0.3f:*:*:*:*:*:*:*","matchCriteriaId":"3915E4A8-6CCF-44A3-85B9-70651137C084"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0A5DEDB4-7E16-4356-B080-09BCDA68772F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FC9DBDC7-DDF0-4596-84BC-E4E05F47F938"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"36FA61F9-CE29-47B0-AF2A-B1045A59018E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"9B338837-6346-48FC-A4D7-011EC20ACF61"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"8644D458-786D-4310-BAA8-40B2E27EA966"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D4746C2E-91B1-4341-9CCD-78191BDF9A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"5F3FCC3E-F3D5-4F90-B64F-85576E8B776B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"17672CBB-A79F-4B91-9B01-193F960A4611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"177E5CE0-A518-447F-9397-FC527E367077"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"5C808743-BFAF-4BB4-B0F0-13DF2C7D5531"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"FB90715C-E50C-4682-8C94-DE5CBCAA9965"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"6A8F8009-3586-4989-B180-2F46503DA59B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"44DDAAA8-185D-47FE-8434-E2FC000BD926"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"F2E5D670-FB1F-4560-A5A0-149FB4FCD2CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"49A0662D-9356-4DC9-8082-58DBEE5C65FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.7:*:*:*:*:*:*:*","matchCriteriaId":"4E858413-3408-4A77-B56D-5016959FC690"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:5.3.8:*:*:*:*:*:*:*","matchCriteriaId":"CFFB475D-7996-48B3-8886-9000C6230414"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E56BFE1-044A-45AC-BF9C-C0CFBD2F8C7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E72BBCB-636C-4939-90B7-308223E433EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A5884968-F218-4CD4-AD4B-4C0CD26EF674"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"56FD197E-27E9-4AF4-8A84-E1D0A7FD14DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_client:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5DCD63A2-B666-4F5E-9D17-ED38B0BF973C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"63E32B6A-AF41-4AEA-B55B-52B821106D00"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"0BC18FBF-1C2E-4D2F-9D3C-C6578CCBDB50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0824B78E-EB43-4D74-9062-79D0F273B06E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"0A76B02F-C2C8-4A35-A60A-EC74F43B8895"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"F8CD470B-274F-421C-AD4D-6D076935D741"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"C30FE48E-857E-441C-B497-B6E541D2913F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"1A813EED-25AC-4191-92E8-58C1BC7D1E5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"8719CEF9-6753-495B-9ACB-9E323CB7BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"553D3277-1B91-4998-A610-7E5D3E2C1413"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"17886B3D-394C-4C94-93B2-FAB23B45C880"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"7584F9C5-41E9-4F84-9849-B5D604BB55A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.6:*:*:*:*:*:*:*","matchCriteriaId":"00008DAA-F66D-484B-941B-944F3E684981"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.7:*:*:*:*:*:*:*","matchCriteriaId":"EEF4DE0B-ED77-49CE-AE0C-2AF2AE35FB78"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.9:*:*:*:*:*:*:*","matchCriteriaId":"38EF9A76-6D83-4C99-A1DE-DC7E5AF28731"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:4.4.10:*:*:*:*:*:*:*","matchCriteriaId":"3C13F8DE-007E-467E-9872-9C4A951F1EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"698824F0-DDFA-4469-8D42-59A56ACD6B5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"30A3B9E9-3643-443B-A19A-2AE989832C50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"F86A43A5-0906-405E-B3D0-250DA24A9093"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3126AFB2-A043-4C51-8402-D36D2F62AA73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B00D37C5-5C79-46F9-97B7-555E48C53796"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"55A817B6-CD13-4E0A-99DD-C5C39DF04C8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6C6F7054-6EDF-4F25-945E-E24F00A4A2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"16BEBCBF-8826-4451-9B6B-802BD8A4FA99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"59F1EE63-6CF7-440D-BC5B-23D721996275"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"5C446EEE-3D06-485D-A031-2DA2A6501712"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7F90B0C0-1CA9-47F8-B603-D6C15CF33352"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"D7292ADB-5D2C-4569-93B5-76125D71E3AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"2810AD0C-4C6F-4B07-8D72-2D640219AE82"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.3.7:*:*:*:*:*:*:*","matchCriteriaId":"06C3FAFB-90D2-4C6D-A210-27297926433E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connector:5.3.8:*:*:*:*:*:*:*","matchCriteriaId":"78E26C82-CA31-4EBB-9635-D895B04D90E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"170C4ADE-68C7-4F73-BD64-800D8E07F5E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7FB022A4-BFF0-4154-A8B6-C38B6C09A1BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"026CCB02-C710-4AEA-B002-852AD4A3DCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"02ACCEFF-1301-4118-BFCA-877F7A1D84B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"625EE79F-33C9-4272-A37C-F82921950EA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*","matchCriteriaId":"3E4480D2-1B5C-443D-8D7F-976885C33BDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"795DEA94-79D6-4132-B205-AB098E92216A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"CD05A3E8-105D-4712-8BBE-2D5CF4F78890"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"8D6691FF-77F2-4AE3-B49F-BFB8744AD046"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"E58648AC-7288-46EC-B2BB-0805626BA31C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"3F8A31AD-D2E8-45DC-BF80-BD102B1FBC83"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"62FBDA08-566F-4D21-8186-4A287FD2F107"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"8B1DB64D-028A-422F-B106-873A45789A89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"12509D69-71AF-48AF-986F-04A7E248011A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"075B6E8D-4C4B-4E98-94C6-52B842BE65FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"BEDF9DB2-6C3D-4BF5-BF55-818C3932CF93"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*","matchCriteriaId":"27B99F6E-712C-4205-9185-26F543EFC881"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F31FAA8F-EE03-4A7F-B0DE-BB4CE998FEB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"0AF0262B-1451-40CA-9DD1-F2DEA793BD61"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"C27E0224-9431-49EF-8B32-850CDF6FFFE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"88A88A21-7427-4452-8C2A-6C31542FA83C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A3DCEAA0-509A-4978-BE53-0CBE084366FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"3203DC73-05F2-4A28-9E62-3D87B482586A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"9BDA1AAC-3FCF-47D8-A6B4-9DB0D776CE14"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"64F4CDF1-695A-4677-A829-74BB365BF4FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*","matchCriteriaId":"BBEF55DD-FC87-42A3-9DAF-9862AA9649CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"61188360-C55E-47AD-8C3E-043689249DA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"5A5BCE08-8940-4658-A4D7-5CAD33D3751C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"DC0FA974-7671-4FB7-BB36-274B5970EBAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"011F841A-4F1B-49B2-B379-9FE126141568"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*","matchCriteriaId":"B3C54819-CF51-4BBE-873F-4A0E2072D10F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.6:*:*:*:*:*:*:*","matchCriteriaId":"743C5472-860C-48A6-AED7-BB00B6E91440"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.7:*:*:*:*:*:*:*","matchCriteriaId":"2094ACB3-635A-437D-AF0E-4BFEB496EDF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.8:*:*:*:*:*:*:*","matchCriteriaId":"40BE9A01-DEE5-4CD4-8C01-6689707A47EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.9:*:*:*:*:*:*:*","matchCriteriaId":"2838C7E9-F247-491B-AAD1-680927044C24"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.10:*:*:*:*:*:*:*","matchCriteriaId":"EAB99E2A-AF4D-4436-9C4F-EB043F8D16A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:4.4.11:*:*:*:*:*:*:*","matchCriteriaId":"86E5680C-2E57-4BFA-9D60-B560BA819039"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"83D8769C-E438-4805-955A-4EA7A274F036"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"3B2E96C8-F8F8-4002-B242-3ADDF1E84B7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D2ADC814-3F33-47F6-AE27-7233F5D337AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"5B56052F-6768-41D6-9E91-F1377EB4E122"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"9803DD4B-C48D-45EA-8154-C1C626DBDED2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"702A52AE-4E48-4138-8856-9EBE5A8DA964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.1.1:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"B8C108AB-0C7C-4B58-8B54-C92C95A6B65D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"509B3B08-533C-46CE-B53F-5A2BFC553C53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"F0F992DB-F70C-4473-8C33-B5F59BD83A57"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"84D8E570-70B9-42CF-9764-238AAF6B380F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"9E582465-CC4A-4827-8C1F-548F01D6FCF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.1:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"60515678-F93E-46CC-94EF-0EF9B2091D76"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"4054251B-98C7-4AC9-B610-BA0EB250972C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.2:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"5B4AC671-C67D-46EC-9FB2-720F0DC3D4EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6A93E9C5-91A4-4FC1-871B-ECE0E0FAFAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"958F4FB0-C7DA-48D8-9500-A4A43ED807E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"8D772EE8-FB18-4431-89D8-FAF42797A2DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.0:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"A3A30FB0-35AB-4CF2-B74D-68015044770B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"75DA0AC9-E2BF-40C7-B970-43D0283FCC6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"EA26CDDC-24FD-4FFD-BA5E-79F55BC8DA00"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"1003EDA5-E22E-4A4E-A289-660E823EE71F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"844003FE-63E9-4E2F-83E6-02798B753FB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"7ED73DCC-6501-4DA8-B0C0-45F1A6E97BF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"711A3119-3390-48A9-8579-1D768D66386D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.7:*:*:*:*:*:*:*","matchCriteriaId":"798BE0FE-52F1-4283-8A0D-3E769A3752C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.3.8:*:*:*:*:*:*:*","matchCriteriaId":"9F77CD27-4E7E-4B4A-9363-FC87B611338A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.4.0:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"09B1AFF1-4F5D-42F0-A3A7-91BB9854B561"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.4.1:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"01872E42-E249-48AB-9259-FF3B0F3CAA4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.4.2:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"B73B06FD-3452-4900-AE09-44172A1EF174"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.5.0:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"DC126AA4-30B6-429B-A981-E4F0BCE03DE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:5.5.1:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"1932FFE5-DC06-4560-ADA7-4C993B8A880D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"67BA8F3E-57F3-4388-8CD0-431AAA8DDB36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.0:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"2BDEED3F-3936-429C-957E-9E3EE455445C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"71C39323-60AF-4CB5-BA5A-1F45353614F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.1:*:ibm_zos:*:*:*:*:*","matchCriteriaId":"3FE3D768-A3CF-422A-9EE2-6256E3ADDBEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6D8E4B95-A551-4839-995F-5667CD215540"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8B474CD5-DEC0-49DB-992D-658A3C573982"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DB98ADBD-7FBB-4495-A71B-8EF9A6EAC33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:tectia_server:6.0.4:*:linux_ibm_zos:*:*:*:*:*","matchCriteriaId":"356A4B29-4BE7-4D33-8B64-CECCA6C24FAF"}]}]}],"references":[{"url":"http://isc.sans.org/diary.html?storyid=5366","source":"cve@mitre.org"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"cve@mitre.org"},{"url":"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html","source":"cve@mitre.org"},{"url":"http://marc.info/?l=bugtraq&m=125017764422557&w=2","source":"cve@mitre.org"},{"url":"http://openssh.org/txt/cbc.adv","source":"cve@mitre.org"},{"url":"http://osvdb.org/49872","source":"cve@mitre.org"},{"url":"http://osvdb.org/50035","source":"cve@mitre.org"},{"url":"http://osvdb.org/50036","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2009-1287.html","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/32740","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/32760","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/32833","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/33121","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/33308","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/34857","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/36558","source":"cve@mitre.org"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1","source":"cve@mitre.org"},{"url":"http://support.apple.com/kb/HT3937","source":"cve@mitre.org"},{"url":"http://support.attachmate.com/techdocs/2398.html","source":"cve@mitre.org"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm","source":"cve@mitre.org"},{"url":"http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt","source":"cve@mitre.org"},{"url":"http://www.kb.cert.org/vuls/id/958563","source":"cve@mitre.org","tags":["US Government Resource"]},{"url":"http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/498558/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/498579/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/32319","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id?1021235","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id?1021236","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id?1021382","source":"cve@mitre.org"},{"url":"http://www.ssh.com/company/news/article/953/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.vupen.com/english/advisories/2008/3172","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2008/3173","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2008/3409","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2009/1135","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2009/3184","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46620","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667","source":"cve@mitre.org"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10106","source":"cve@mitre.org"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10163","source":"cve@mitre.org"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279","source":"cve@mitre.org"},{"url":"http://isc.sans.org/diary.html?storyid=5366","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=bugtraq&m=125017764422557&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://openssh.org/txt/cbc.adv","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://osvdb.org/49872","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://osvdb.org/50035","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://osvdb.org/50036","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2009-1287.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/32740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/32760","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/32833","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33121","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33308","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/34857","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/36558","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.apple.com/kb/HT3937","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.attachmate.com/techdocs/2398.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kb.cert.org/vuls/id/958563","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/498558/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/498579/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/32319","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1021235","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1021236","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1021382","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ssh.com/company/news/article/953/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.vupen.com/english/advisories/2008/3172","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/3173","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/3409","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/1135","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/3184","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46620","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10106","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10163","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorComment":"http://securitytracker.com/alerts/2008/Nov/1021235.html\n\nCBC mode connections are affected","evaluatorSolution":"With a valid username and password patches are available at the following link:\nhttps://downloads.ssh.com/","vendorComments":[{"organization":"Red Hat","comment":"This issue was addressed for Red Hat Enterprise Linux 5 by\nhttps://rhn.redhat.com/errata/RHSA-2009-1287.html\n\nAfter reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time.","lastModified":"2009-09-02T00:00:00"}]}},{"cve":{"id":"CVE-2004-2761","sourceIdentifier":"cve@mitre.org","published":"2009-01-05T20:30:02.140","lastModified":"2026-05-28T19:16:21.770","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."},{"lang":"es","value":"El algoritmo MD5 Message-Digest no resistente a colisión, el cual hace más fácil para atacantes dependientes de contexto, llevar a cabo ataques de suplantación, como lo demuestran los ataques de utilización de MD5 en la firma del algoritmo de un certificado X.509."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*","matchCriteriaId":"5DFFBAC4-D50D-4CC4-A12C-9708D3C1199C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*","matchCriteriaId":"3009C5D9-9EF8-43B2-BF17-DEBC497994B5"}]}]}],"references":[{"url":"http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/","source":"cve@mitre.org"},{"url":"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/33826","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/34281","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/42181","source":"cve@mitre.org"},{"url":"http://securityreason.com/securityalert/4866","source":"cve@mitre.org"},{"url":"http://securitytracker.com/id?1024697","source":"cve@mitre.org"},{"url":"http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html","source":"cve@mitre.org"},{"url":"http://www.doxpara.com/research/md5/md5_someday.pdf","source":"cve@mitre.org"},{"url":"http://www.kb.cert.org/vuls/id/836068","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.microsoft.com/technet/security/advisory/961509.mspx","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.phreedom.org/research/rogue-ca/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/499685/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/33065","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/usn-740-1","source":"cve@mitre.org"},{"url":"http://www.win.tue.nl/hashclash/SoftIntCodeSign/","source":"cve@mitre.org"},{"url":"http://www.win.tue.nl/hashclash/rogue-ca/","source":"cve@mitre.org"},{"url":"https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=648886","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888","source":"cve@mitre.org"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","source":"cve@mitre.org"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0837.html","source":"cve@mitre.org"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0838.html","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us","source":"cve@mitre.org"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html","source":"cve@mitre.org"},{"url":"http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/33826","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/34281","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/42181","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securityreason.com/securityalert/4866","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securitytracker.com/id?1024697","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.doxpara.com/research/md5/md5_someday.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kb.cert.org/vuls/id/836068","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.microsoft.com/technet/security/advisory/961509.mspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.phreedom.org/research/rogue-ca/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/499685/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/33065","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/usn-740-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.win.tue.nl/hashclash/SoftIntCodeSign/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.win.tue.nl/hashclash/rogue-ca/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=648886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0837.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://rhn.redhat.com/errata/RHSA-2010-0838.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorImpact":"There are four significant mitigating factors.\n\n1) Most enterprise-class certificates, such as VeriSign’s Extended Validation SSL Certificates use the still secure SHA-1 hash function. \n\n2) Certificates already issued with MD5 signatures are not at risk.  The exploit only affects new certificate acquisitions. \n\n3) CAs are quickly moving to replace MD5 with SHA-1.  For example, VeriSign was planning to phase out MD5 by the end of January 2009.  The date was pushed up due to the December proof of concept.  On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures. \n\n4)The researchers did not release the under-the-hood specifics of how the exploit was executed. \n\nSource - http://www.techrepublic.com/blog/it-security/the-new-md5-ssl-exploit-is-not-the-end-of-civilization-as-we-know-it/?tag=nl.e036","vendorComments":[{"organization":"Red Hat","comment":"Please see http://kbase.redhat.com/faq/docs/DOC-15379","lastModified":"2009-01-07T00:00:00"}]}},{"cve":{"id":"CVE-2003-1567","sourceIdentifier":"cve@mitre.org","published":"2009-01-15T00:30:00.250","lastModified":"2026-05-28T19:16:20.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE."},{"lang":"es","value":"El método no documentado TRACK en Microsoft Internet Information Services (IIS) v5.0 devuelve el contenido de la petición original en el cuerpo de la respuesta, lo que facilita a atacantes remotos el robo de cookies y credenciales de autenticación, o evitar el mecanismo de protección HttpOnly, usando TRAK para leer los contenidos de las cabeceras HTTP que se devuelven en la respuesta. Una técnica similar al rastreo de sitios cruzados (XST) usando HTTP TRACE."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*","matchCriteriaId":"413C07EA-139F-4B7D-A58B-835BD2591FA0"}]}]}],"references":[{"url":"http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.aqtronix.com/Advisories/AQ-2003-02.txt","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.kb.cert.org/vuls/id/288308","source":"cve@mitre.org","tags":["US Government Resource"]},{"url":"http://www.osvdb.org/5648","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.aqtronix.com/Advisories/AQ-2003-02.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.kb.cert.org/vuls/id/288308","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.osvdb.org/5648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://www.aqtronix.com/Advisories/AQ-2003-02.txt","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2010-0386","sourceIdentifier":"cve@mitre.org","published":"2010-01-25T19:30:01.730","lastModified":"2026-05-28T19:16:23.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398."},{"lang":"es","value":"La configuración por defecto de Sun Java System Application Server v7 y v7 2004Q2 activa el método HTTP TRACE, lo que provoca que sea mas sencillo para un atacante remoto robar las cookies y credenciales de autenticación a través de un ataque de seguimiento de trazas en sitios cruzados (XST), está relacionado con CVE-2004-2763 y CVE-2005-3398.\r\n"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-16"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-160"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"EAB26B3D-4DF0-45C2-9ECA-202C829392D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*","matchCriteriaId":"D00790CE-CD77-4C39-80AC-5FBD298DD63A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*","matchCriteriaId":"BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A"}]}]}],"references":[{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}],"evaluatorImpact":"Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1\r\n\r\n\r\nContributing Factors\r\n\r\nThis issue can occur in the following releases:\r\n\r\n    * Sun Java System Application Server Standard Edition 7 and later updates\r\n    * Sun Java System Application Server Standard Edition 7 2004Q2 and later updates\r\n    * Sun Java System Application Server Platform Edition 7 and later updates"}},{"cve":{"id":"CVE-2010-2965","sourceIdentifier":"cve@mitre.org","published":"2010-08-05T13:22:29.793","lastModified":"2026-05-28T20:16:17.883","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804."},{"lang":"es","value":"El servicio WDB target agent debug en Wind River VxWorks v6.x, v5.x, y anteriores, como los usados en el Rockwell Automation 1756-ENBT serie A con firmware v3.2.6 y v3.6.1 y otros productos, permiten a atacantes remotos leer o modificar a su elección direcciones de memoria, realizar llamdas a funciones, o administrar tareas a través de peticiones UDP al puerto 17185, relacionado con el comportamiento de CVE-2005-3804."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1756-enbt\\/a_firmware:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"22C36961-F714-459C-ADF9-107C8EE99115"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1756-enbt\\/a_firmware:3.6.1:*:*:*:*:*:*:*","matchCriteriaId":"D4B6FA17-2C3D-45F8-B327-8760DD3757CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.4.12","matchCriteriaId":"3F579A94-D4C9-4A16-9A1A-DE62C6F6ADC9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1756-enbt\\/a:-:*:*:*:*:*:*:*","matchCriteriaId":"0A3DE5C9-82F9-4D92-B735-D85816EE8557"}]}]}],"references":[{"url":"http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html","source":"cve@mitre.org","tags":["Not Applicable"]},{"url":"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"http://www.kb.cert.org/vuls/id/362332","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.kb.cert.org/vuls/id/MAPG-86EPFA","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.kb.cert.org/vuls/id/MAPG-86FPQL","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]},{"url":"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"http://seclists.org/fulldisclosure/2025/Jan/10","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kb.cert.org/vuls/id/362332","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.kb.cert.org/vuls/id/MAPG-86EPFA","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.kb.cert.org/vuls/id/MAPG-86FPQL","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2010-3190","sourceIdentifier":"cve@mitre.org","published":"2010-08-31T20:00:02.297","lastModified":"2026-05-28T19:16:23.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""},{"lang":"es","value":"Vulnerabilidad de ruta de búsqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecución de una aplicación MFC como AtlTraceTool8.exe (también conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto también se conoce como \"MFC Insecure Library Loading Vulnerability\"."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"4354E6D0-5AA8-4F1B-BD3B-1B66ABD062A1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*","matchCriteriaId":"619BEBC1-9B3B-47B6-A0FC-E77084D57784"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*","matchCriteriaId":"F5719E28-6122-4BCA-91B7-E9709DA5A891"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*","matchCriteriaId":"A04EBB20-FC22-4482-861F-774853382E8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*","matchCriteriaId":"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*","matchCriteriaId":"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*","matchCriteriaId":"4F4DFC93-9533-4893-B634-0551CDE7D252"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*","matchCriteriaId":"85959AEB-2FE5-4A25-B298-F8223CE260D6"}]}]}],"references":[{"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html","source":"cve@mitre.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://secunia.com/advisories/41212","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://www.securityfocus.com/bid/42811","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.us-cert.gov/cas/techalerts/TA11-102A.html","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://support.apple.com/HT205221","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"http://secunia.com/advisories/41212","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.securityfocus.com/bid/42811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.us-cert.gov/cas/techalerts/TA11-102A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://support.apple.com/HT205221","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}],"evaluatorComment":"Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\nCWE-426: Untrusted Search Path","evaluatorImpact":"Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per \"This is a remote code execution vulnerability\""}},{"cve":{"id":"CVE-2010-4478","sourceIdentifier":"cve@mitre.org","published":"2010-12-06T22:30:31.920","lastModified":"2026-05-28T20:16:19.203","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252."},{"lang":"es","value":"OpenSSH v5.6 y versiones anteriores, si J-PAKE está activo, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la necesidad de conocer el secreto compartido, y autenticarse con éxito, enviando valores modificados en cada turno del protocolo. Relacionado con CVE-2010-4252."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6","matchCriteriaId":"607877D1-B86A-4973-A5D7-D3D0247FC272"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*","matchCriteriaId":"316C8534-9CE3-456C-A04E-5D2B789FBE31"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"7BEB67BB-A442-46C2-8BC1-BBEB009AC532"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B6E307F1-C765-409C-835C-133026A5179C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"CA997F5E-29FE-454A-9006-001D732CD4B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*","matchCriteriaId":"114134F3-BDFD-465D-8317-82F9D6EFA5A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*","matchCriteriaId":"DAB55300-F90D-45D3-88BC-5ADCEC366264"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*","matchCriteriaId":"F3EC5611-31B5-4253-B99A-E81C202768A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*","matchCriteriaId":"43060323-1B51-45B4-BEB9-0E472896D8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*","matchCriteriaId":"5441C616-D127-42D9-88AA-0FC9AA16EB03"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*","matchCriteriaId":"EED5E506-9D2B-4CAF-8455-B9BE7696E49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"EE7CB94E-0479-4939-86F6-0B4BEDE2E739"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*","matchCriteriaId":"78135400-BA1A-42AA-BE17-5588442BCF11"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*","matchCriteriaId":"78F2EDC0-3189-4523-882B-9188C852F793"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CDEF5203-9D6B-4431-BF0D-C81B1E250AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*","matchCriteriaId":"E2991C07-5486-4590-A74E-46A379DD3339"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"4EB9BE06-0A36-4853-ADF4-9C1A1854278A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*","matchCriteriaId":"8FC57F38-6545-497B-B6DA-FCAF51755988"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*","matchCriteriaId":"EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*","matchCriteriaId":"EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*","matchCriteriaId":"80C55B73-497D-4A22-9230-A4160BF97344"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*","matchCriteriaId":"0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*","matchCriteriaId":"4B235167-9554-4431-88C5-9472DD36FCDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*","matchCriteriaId":"580008AC-2667-4708-8F7E-D70416A460EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E05D8E86-EC01-4589-B372-4DEB7845C81F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*","matchCriteriaId":"764AD252-CA2F-4A87-BCAA-7747E8C410E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*","matchCriteriaId":"269BB9F7-55E5-4CB3-8429-C37C7132799F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*","matchCriteriaId":"C6E6F639-31A0-4026-B6D4-51BA79FB1D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*","matchCriteriaId":"0211BCE3-0DED-40BA-8A21-1A97B91F71C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*","matchCriteriaId":"B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*","matchCriteriaId":"5AD7BB30-AC79-4153-852C-1053DCF4DE53"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"F48519C6-0C28-49A5-94C7-EF3AA88E2667"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*","matchCriteriaId":"9E188C66-C8F1-4C13-AAFF-7C83B2A884B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*","matchCriteriaId":"9039BE91-AF0A-41E7-8F9F-15375890E120"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*","matchCriteriaId":"08BCB2EA-DF9D-4853-805B-29FA6274E2B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*","matchCriteriaId":"0F93417F-2498-4576-9F5D-B59F77D39669"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*","matchCriteriaId":"AF3AB42C-B614-4746-99AD-E94140D91BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*","matchCriteriaId":"458167E5-9BC2-40BE-AC8A-9761A4F19494"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*","matchCriteriaId":"3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*","matchCriteriaId":"86ACA0ED-A3D0-48A7-B06F-13709AD23B55"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*","matchCriteriaId":"0FEB9262-D05E-4610-9C79-3EDE44AC7C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*","matchCriteriaId":"8176879B-1875-4AC9-B15A-2ABCFCD04F88"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*","matchCriteriaId":"FAA26A12-F96A-4025-BBCA-72B7A3B1E60C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*","matchCriteriaId":"A02751E9-2D38-4495-9572-8D84D71D4773"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*","matchCriteriaId":"7A36BEA2-DAE4-423C-8D85-0F6036351F98"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*","matchCriteriaId":"80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*","matchCriteriaId":"DF23EBA1-D3A9-413F-9E83-43A91492C031"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*","matchCriteriaId":"44CCF5CD-B434-4392-A79A-C1945D2AE30A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*","matchCriteriaId":"AEB456B8-9D8B-4985-858D-6A43FA5EE2E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*","matchCriteriaId":"2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*","matchCriteriaId":"C35F4ABE-1B0C-4195-8F99-BF993A17882B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*","matchCriteriaId":"ADC7352D-2916-47F7-A256-F897D763DC9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*","matchCriteriaId":"AEC3FC36-B246-4DCB-8984-228525D9A356"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*","matchCriteriaId":"BC861000-37D8-4B0F-BFA0-57E9BE125B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*","matchCriteriaId":"E003AB3C-8DF3-4AE8-82A3-984F30E5599B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*","matchCriteriaId":"5EBE75FE-DDE2-43BA-80EF-15A6698EABC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1FF67D77-02AC-4807-984D-C5AE9799F051"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*","matchCriteriaId":"683B26F0-5EA2-455A-8948-27C100BBA3AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*","matchCriteriaId":"E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*","matchCriteriaId":"7279E1EC-DEBC-4ACC-925D-06A7697C162F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*","matchCriteriaId":"7910598E-BEC1-4644-9DE4-D8BE505A4F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*","matchCriteriaId":"FB416D0C-6C86-450F-8917-D4B1BD82AB1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*","matchCriteriaId":"3640CCC9-EC4A-44A4-B747-7BAAAD3460C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*","matchCriteriaId":"B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*","matchCriteriaId":"E3094069-AC2E-43BD-8094-D48E2526DECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*","matchCriteriaId":"9B72CFB3-39C7-469C-AA59-69F5B8993BF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*","matchCriteriaId":"2A7154C4-8325-4495-92B1-B7897CD7303E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*","matchCriteriaId":"99BF4471-763B-485A-ABD5-C68AD0A14058"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*","matchCriteriaId":"3B042083-6D26-4A91-B3F6-E6D46266FF60"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*","matchCriteriaId":"40B1B209-53B8-48DC-AFFC-BD69D5978A0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*","matchCriteriaId":"7212E982-76F2-496C-9F08-EC4137F20804"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*","matchCriteriaId":"52D13E08-7B08-44AA-9017-3EE3F6301E10"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*","matchCriteriaId":"2FBC7FF1-01EE-40A1-8735-14360A371803"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*","matchCriteriaId":"987527F8-8A42-4729-A329-4D2AC8AFD6E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*","matchCriteriaId":"93910448-8D6F-4F7E-9C7F-959754ABA50D"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*","matchCriteriaId":"3356FDFD-BEA5-45A5-A36B-D1153AFE6C23"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*","matchCriteriaId":"9394B8AD-AB22-4955-8774-C6BA2B56A260"}]}]}],"references":[{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673","source":"cve@mitre.org"},{"url":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=659297","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/seb-m/jpake","source":"cve@mitre.org"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338","source":"cve@mitre.org"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=659297","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/seb-m/jpake","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2014-1692","sourceIdentifier":"secalert@redhat.com","published":"2014-01-29T16:02:05.443","lastModified":"2026-05-28T18:16:22.063","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition."},{"lang":"es","value":"La función hash_buffer en schnorr.c en OpenSSH hasta 6.4  cuando Makefile.inc se modifica para habilitar el protocolo J-PAKE, no inicializa ciertas estructuras de datos, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o tienen impacto no especificado a través de vectores que provocan una condición de error."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4","matchCriteriaId":"532A891C-B9DE-4E56-A8E1-6655F9BE8122"}]}]}],"references":[{"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144050155601375&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2014/01/29/10","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2014/01/29/2","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://osvdb.org/102611","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"http://secunia.com/advisories/60184","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h","source":"secalert@redhat.com"},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/65230","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90819","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144050155601375&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2014/01/29/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2014/01/29/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://osvdb.org/102611","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://secunia.com/advisories/60184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/65230","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2014-0759","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2014-02-28T06:18:54.260","lastModified":"2026-05-28T18:16:21.837","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."},{"lang":"es","value":"Vulnerabilidad de búsqueda de ruta en Windows sin entrecomillar en Schneider Electric Floating License Manager 1.0.0 hasta 1.4.0 permite a usuarios locales ganar privilegios a través de una aplicación de caballo de troya con un nombre compuesto de una subcadena inicial de una ruta que contiene un caracter de espacio."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":3.4}],"cvssMetricV2":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:floating_license_manager:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7976E9AC-B3A5-439D-8E0C-90F540A93CF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:floating_license_manager:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"D2F7F55C-E444-4331-9ECC-F8D92D458AD2"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]}],"evaluatorComment":"Per: http://cwe.mitre.org/data/definitions/428.html\n\n\"CWE-428: Unquoted Search Path or Element\"","evaluatorSolution":"Per: http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01\n\n\"This license manager is used in the following Schneider Electric products:\n\n    Power Monitoring Expert,\n    Struxureware process Expert (PES),\n    Struxureware process Expert libraries,\n    Vijeo Citect (SCADA), and\n    Vijeo Citect Historian.\""}},{"cve":{"id":"CVE-2014-2532","sourceIdentifier":"cve@mitre.org","published":"2014-03-18T05:18:19.000","lastModified":"2026-05-28T18:16:22.340","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character."},{"lang":"es","value":"sshd en OpenSSH anterior a 6.6 no soporta debidamente comodines en líneas AcceptEnv en sshd_config, lo que permite a atacantes remotos evadir restricciones de entorno mediante el uso de una subcadena localizada antes de un caracter de comodín."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0473C6C9-B0C5-43F0-AC8C-C0DAD30DACF8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","matchCriteriaId":"87697D9A-08E0-462D-ABAC-71A48036CE69"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*","matchCriteriaId":"A9754B4A-3042-49B8-86F7-2D60E25400C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*","matchCriteriaId":"3872787F-2C1C-40C0-B9CF-A3C0CEAAB400"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*","matchCriteriaId":"39D1E296-3040-4CC9-B95B-3E07D73F1150"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*","matchCriteriaId":"FCEE2677-16EE-484F-B2FB-FCA377E0D76B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*","matchCriteriaId":"90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D"}]}]}],"references":[{"url":"http://advisories.mageia.org/MGASA-2014-0143.html","source":"cve@mitre.org"},{"url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc","source":"cve@mitre.org"},{"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","source":"cve@mitre.org"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html","source":"cve@mitre.org"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html","source":"cve@mitre.org"},{"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","source":"cve@mitre.org"},{"url":"http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/57488","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/57574","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/59313","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/59855","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2014/dsa-2894","source":"cve@mitre.org"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068","source":"cve@mitre.org"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/66355","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1029925","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/USN-2155-1","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91986","source":"cve@mitre.org"},{"url":"https://support.apple.com/HT205267","source":"cve@mitre.org"},{"url":"http://advisories.mageia.org/MGASA-2014-0143.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/57488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/57574","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/59313","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/59855","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2014/dsa-2894","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/66355","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1029925","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/USN-2155-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91986","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT205267","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2014-2653","sourceIdentifier":"cve@mitre.org","published":"2014-03-27T10:55:04.513","lastModified":"2026-05-28T18:16:23.027","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."},{"lang":"es","value":"La función verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasión de la comprobación SSHFP DNS RR mediante la presentación de HostCertificate no aceptable."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndIncluding":"6.6","matchCriteriaId":"ED8E69C2-4499-4ABD-A51C-26933966E52A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*","matchCriteriaId":"A9754B4A-3042-49B8-86F7-2D60E25400C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*","matchCriteriaId":"3872787F-2C1C-40C0-B9CF-A3C0CEAAB400"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*","matchCriteriaId":"39D1E296-3040-4CC9-B95B-3E07D73F1150"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*","matchCriteriaId":"FCEE2677-16EE-484F-B2FB-FCA377E0D76B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*","matchCriteriaId":"90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*","matchCriteriaId":"5A8ABE51-1535-44D9-B2A1-CC91021A29D9"}]}]}],"references":[{"url":"http://advisories.mageia.org/MGASA-2014-0166.html","source":"cve@mitre.org"},{"url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc","source":"cve@mitre.org"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html","source":"cve@mitre.org"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html","source":"cve@mitre.org"},{"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","source":"cve@mitre.org"},{"url":"http://openwall.com/lists/oss-security/2014/03/26/7","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0425.html","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/59855","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2014/dsa-2894","source":"cve@mitre.org"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068","source":"cve@mitre.org"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/66459","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/USN-2164-1","source":"cve@mitre.org"},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://advisories.mageia.org/MGASA-2014-0166.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://openwall.com/lists/oss-security/2014/03/26/7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0425.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/59855","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2014/dsa-2894","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/66459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/USN-2164-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2014-5455","sourceIdentifier":"cve@mitre.org","published":"2014-08-25T16:55:04.977","lastModified":"2026-05-28T18:16:26.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder."},{"lang":"es","value":"Vulnerabilidad de la ruta de búsqueda de Windows sin entrecomillar en el servicio ptservice anterior a la versión 3.0 de PrivateTunnel (Windows) y a la versión 3.1 de OpenVPN Connect (Windows) permite a los usuarios locales obtener privilegios a través de un archivo program.exe en la carpeta %SYSTEMDRIVE%."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-428"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn:2.1.28.0:*:*:*:*:*:*:*","matchCriteriaId":"F249DC64-DBC5-4520-9351-224E51A21EC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:privatetunnel:privatetunnel:2.3.8:*:*:*:*:*:*:*","matchCriteriaId":"543391ED-92D8-439F-8B96-EE0F956C2C64"}]}]}],"references":[{"url":"http://osvdb.org/show/osvdb/109007","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/34037","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://github.com/CVEProject/cvelist/pull/3909","source":"cve@mitre.org"},{"url":"https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d","source":"cve@mitre.org"},{"url":"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://osvdb.org/show/osvdb/109007","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/34037","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://github.com/CVEProject/cvelist/pull/3909","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/428.html\" target=\"_blank\">CWE-428: Unquoted Search Path or Element</a>"}},{"cve":{"id":"CVE-2014-3566","sourceIdentifier":"secalert@redhat.com","published":"2014-10-15T00:55:02.137","lastModified":"2026-05-28T18:16:23.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue."},{"lang":"es","value":"El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema \"POODLE\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-329"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*","matchCriteriaId":"AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*","matchCriteriaId":"CC2EDDE6-49F2-41D3-BCB2-F49886A2A170"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B8C6E104-EDBC-481E-85B8-D39ED2058D39"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*","matchCriteriaId":"FB3FB071-FCCC-4425-AFBF-77287C1B8F7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B74C62D-4A6D-4A4F-ADF6-A508322CD447"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*","matchCriteriaId":"5DCADB10-49F8-4E8A-B915-6A770620B212"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*","matchCriteriaId":"6E89B38A-3697-46DD-BB3F-E8D2373588BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*","matchCriteriaId":"56998F82-855E-4514-A4AF-A36084E10C5A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*","matchCriteriaId":"EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*","matchCriteriaId":"FD518B94-9CD7-4C45-8766-578CF427B4CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","matchCriteriaId":"0402E20C-8B41-4A2A-BFF9-92EC843985F0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.10.1","matchCriteriaId":"24C6A01A-6308-4C69-B4D5-5BC10277E2E5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*","matchCriteriaId":"76F1E356-E019-47E8-AA5F-702DA93CF74E"},{"vulnerable":true,"criteria":"cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*","matchCriteriaId":"F805A106-9A6F-48E7-8582-D3C5A26DFC11"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*","matchCriteriaId":"F3A90FEC-BCBF-4803-AC2E-55002987BE8A"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6E21D6-B64A-44D2-937D-CB7EDCB996C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*","matchCriteriaId":"8973AFDD-DB77-4AA2-A17C-9BBEE4439E25"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*","matchCriteriaId":"EA04C9F1-6257-4D82-BA0B-37DE66D94736"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*","matchCriteriaId":"2A1D7F64-5AE6-4F2D-A282-DFF61399DFBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*","matchCriteriaId":"336EC5B8-6FD8-42BB-9530-58A15238CEE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*","matchCriteriaId":"623DB4CD-8CB3-445A-B9B5-1238CF195235"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*","matchCriteriaId":"83439D9C-2374-473C-8D64-C0DB886FEFB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*","matchCriteriaId":"C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","matchCriteriaId":"DFBF430B-0832-44B0-AA0E-BA9E467F7668"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","matchCriteriaId":"A10BC294-9196-425F-9FB0-B1625465B47F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","matchCriteriaId":"5991814D-CA77-4C25-90D2-DB542B17E0AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","matchCriteriaId":"FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","matchCriteriaId":"56BDB5A0-0839-4A20-A003-B8CD56F48171"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*","matchCriteriaId":"8A4E446D-B9D3-45F2-9722-B41FA14A6C31"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*","matchCriteriaId":"AF4EA988-FC80-4170-8933-7C6663731981"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*","matchCriteriaId":"64F8F53B-24A1-4877-B16E-F1917C4E4E81"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*","matchCriteriaId":"75D3ACD5-905F-42BB-BE1A-8382E9D823BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*","matchCriteriaId":"766EA6F2-7FA4-4713-9859-9971CCD2FDCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*","matchCriteriaId":"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*","matchCriteriaId":"2BB38AEA-BAF0-4920-9A71-747C24444770"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*","matchCriteriaId":"1F33EA2B-DE15-4695-A383-7A337AC38908"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*","matchCriteriaId":"261EE631-AB43-44FE-B02A-DFAAB8D35927"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*","matchCriteriaId":"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*","matchCriteriaId":"1A1365ED-4651-4AB2-A64B-43782EA2F0E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*","matchCriteriaId":"EC82690C-DCED-47BA-AA93-4D0C9E95B806"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*","matchCriteriaId":"43B90ED1-DAB4-4239-8AD8-87E8D568D5D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*","matchCriteriaId":"3C9BF2DD-85EF-49CF-8D83-0DB46449E333"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*","matchCriteriaId":"6AEBE689-3952-46F0-BACA-BB03041C6D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*","matchCriteriaId":"86C46AB8-52E5-4385-9C5C-F63FF9DB82AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*","matchCriteriaId":"564AA4E7-223E-48D8-B3E0-A461969CF530"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*","matchCriteriaId":"A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*","matchCriteriaId":"35C2AE06-B6E8-41C4-BB60-177AC4819CE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*","matchCriteriaId":"EB15C1F3-0DE8-4A50-B17C-618ECA58AABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*","matchCriteriaId":"45491BD3-7C62-4422-B7DA-CB2741890FBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*","matchCriteriaId":"499E52F3-4B34-4C47-8ABF-292928EBAA5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*","matchCriteriaId":"D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*","matchCriteriaId":"A7540155-3629-4C76-9C67-8A8E0C1067F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*","matchCriteriaId":"419BBCCD-6F8A-418A-BA02-56267B11D948"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*","matchCriteriaId":"8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*","matchCriteriaId":"DC142ACF-3CBD-4F96-B2AA-C7D48E7CF31E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*","matchCriteriaId":"A6B4D332-3CB7-4C57-A689-ED0894659ED9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*","matchCriteriaId":"EB130295-F27C-45DD-80F6-BE4BB0931C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*","matchCriteriaId":"CFA6F5C9-9EE6-40FA-AA99-B4C7274BE8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"3A2075BD-6102-4B0F-839A-836E9585F43B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"2A2FA09E-2BF7-4968-B62D-00DA57F81EA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"F02E634E-1E3D-4E44-BADA-76F92483A732"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"FCC2B07A-49EF-411F-8A4D-89435E22B043"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"7E9480D6-3B6A-4C41-B8C1-C3F945040772"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*","matchCriteriaId":"10FF0A06-DA61-4250-B083-67E55E362677"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*","matchCriteriaId":"8A6BA453-C150-4159-B80B-5465EFF83F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*","matchCriteriaId":"638A2E69-8AB6-4FEA-852A-FEF16A500C1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*","matchCriteriaId":"56C47D3A-B99D-401D-B6B8-1194B2DB4809"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*","matchCriteriaId":"08355B10-E004-4BE6-A5AE-4D428810580B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*","matchCriteriaId":"738BCFDC-1C49-4774-95AE-E099F707DEF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*","matchCriteriaId":"D4B242C0-D27D-4644-AD19-5ACB853C9DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*","matchCriteriaId":"8DC683F2-4346-4E5E-A8D7-67B4F4D7827B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*","matchCriteriaId":"764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*","matchCriteriaId":"6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*","matchCriteriaId":"132B9217-B0E0-4E3E-9096-162AA28E158E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*","matchCriteriaId":"7619F9A0-9054-4217-93D1-3EA64876C5B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*","matchCriteriaId":"6D82C405-17E2-4DF1-8DF5-315BD5A41595"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*","matchCriteriaId":"4C96806F-4718-4BD3-9102-55A26AA86498"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2D1C00C0-C77E-4255-9ECA-20F2673C7366"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*","matchCriteriaId":"21F16D65-8A46-4AC7-8970-73AB700035FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*","matchCriteriaId":"92F393FF-7E6F-4671-BFBF-060162E12659"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*","matchCriteriaId":"E1B85A09-CF8D-409D-966E-168F9959F6F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*","matchCriteriaId":"3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*","matchCriteriaId":"C684FB18-FDDC-4BED-A28C-C23EE6CD0094"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*","matchCriteriaId":"A74A79A7-4FAF-4C81-8622-050008B96AE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*","matchCriteriaId":"CEDACCB9-8D61-49EE-9957-9E58BC7BB031"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*","matchCriteriaId":"4993DD56-F9E3-4AC8-AC3E-BF204B950DEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*","matchCriteriaId":"E884B241-F9C3-44F8-A420-DE65F5F3D660"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*","matchCriteriaId":"3A383620-B4F7-44A7-85DA-A4FF2E115D80"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*","matchCriteriaId":"5F0C6812-F455-49CF-B29B-9AC00306DA43"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*","matchCriteriaId":"3F2D462C-A1B4-4572-A615-BDE9DC5F1E55"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C17C77E3-ABCE-4F1F-A55D-DB61A2A5E28F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*","matchCriteriaId":"89B876D5-7095-4BA2-9EE3-3F0632BC2E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*","matchCriteriaId":"918D00A4-5502-4DD6-A079-807AB3E964B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A38E8EAD-0742-41CB-B69E-DCC483CBC485"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D1E3BE5C-5097-4585-AF0D-79661DC4A231"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"953723A1-606F-4976-A843-1A3F020B9B53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3F70EC32-7365-4653-8843-84C92EE9EC68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"AFABBD01-0773-4823-ABBA-95181558C88E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CE68D967-3356-4CF1-A582-F4EEAC52FA1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*","matchCriteriaId":"75F11AA6-E01D-4951-BB2C-31BB181DF895"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*","matchCriteriaId":"F2D6AF76-02D2-42C1-9620-8F73D5547CC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C762024B-5792-43A3-A82F-A1C0F152F7BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*","matchCriteriaId":"20C26A6C-3C2E-4A2B-B201-6EE949368EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CB6DD83-F8B5-4286-879C-EDD35F5C7FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"9F110827-BCB4-468D-B8F7-4B545F965BFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"43E177AD-166A-4521-89BE-66E7571EB80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"3FAE0988-3222-4B11-A809-DFEE0FFDD98F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"683595A9-7C48-455D-91E7-BF7E1F5B4BF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"C0AFDC7F-23C2-4925-9356-944CBEBB1E7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"DE446DB7-3B45-461A-A8E7-5DAFAD8AE5D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"32B39B8F-50BF-460E-BD26-5C38E125362F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"FA02D40A-7BC3-42C4-8CEF-C992A3EECE4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"35AB63E6-D66C-4F69-8C76-5BB56B0D6A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"D3F16ABD-287C-4710-9720-570648A13F97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*","matchCriteriaId":"730917F8-E1F4-4836-B05A-16B2BA5774DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"38D69127-E5B0-4BC6-8E0A-A5F16D19B06B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C76E9006-A1DA-4902-94C9-AE7071E5A6BF"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D861332D-5976-4544-91C6-4016BAC4648E"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"E8D29E76-7A2D-4BC5-AF4E-99A9C31A14D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*","matchCriteriaId":"3407906D-EF23-4812-A597-F0E863DE17B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F0D17EDB-45BF-4922-8D46-8C340D3F8D1F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"269E87C2-7474-43F0-870E-C5ADCB73ABFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C23BD3A0-E5AD-4893-AAAF-E2858B4128CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*","matchCriteriaId":"164CD64D-C160-4F75-BF04-19BC7F6E11BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1510AD8C-14AC-4649-AE37-5310575B3E3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44D36CD7-FE10-4A72-8364-DE3EFD49AB4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"24469F6E-FC82-416A-9639-8FC37BE9745F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A4E28965-1C24-43CC-AFAA-5716D8F6CC6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*","matchCriteriaId":"368CB806-F671-481F-A9BE-DC320F82E5B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EF7E45F6-2EE9-4E97-B502-F48F2DDC5F3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*","matchCriteriaId":"69CAE756-335E-4E02-83F9-B274D416775C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D3784838-1A43-4C46-A730-4CB88594A449"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F555CE26-6E23-4E7A-A138-6F675EA9BEAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"69071B74-471C-42C0-AF2D-2D278D355250"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*","matchCriteriaId":"1C501514-768D-4AC0-8797-152763F24F0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*","matchCriteriaId":"79D2486C-5C39-40C7-B87B-969800F730C5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5100F5C8-D5F8-466B-AABE-E42B3770B39D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F3C58EE-B36B-4081-A307-0FE9B52D8E62"}]}]}],"references":[{"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://advisories.mageia.org/MGASA-2014-0416.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://downloads.asterisk.org/pub/security/AST-2014-011.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141450452204552&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141450973807288&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141477196830952&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141576815022399&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141577087123040&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141577350823734&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141620103726640&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141628688425177&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141694355519663&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141697638231025&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141697676231104&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141703183219781&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141715130023061&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141775427104070&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141813976718456&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141814011518700&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141879378918327&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142296755107581&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142350196615714&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142350298616097&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142350743917559&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142354438527235&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142357976805598&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142495837901899&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142496355704097&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142546741516006&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142607790919348&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624590206005&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624619906067","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624619906067&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624679706236&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624719706349&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142721830231196&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142721887231400&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142740155824959&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142791032306609&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142804214608580&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142805027510172&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142962817202793&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143039249603103&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143101048219218&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290371927178&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290437727362&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290522027658&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290583027876&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143558137709884&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143558192010071&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143628269912142&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144101915224472&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144251162130364&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144294141001552&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=145983526810210&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=openssl-dev&m=141333049205629&w=2","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1652.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1653.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1692.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1876.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1877.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1880.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1881.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1882.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1920.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1948.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0068.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0079.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0080.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0085.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0086.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0264.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0698.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1545.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1546.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/59627","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60056","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60206","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60792","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60859","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61019","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61130","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61303","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61316","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61345","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61359","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61782","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61810","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61819","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61825","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61827","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61926","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61995","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://support.apple.com/HT204244","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://support.citrix.com/article/CTX200238","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686997","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687172","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687611","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21688283","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21692299","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2014/dsa-3053","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3144","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3147","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3253","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3489","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/577193","source":"secalert@redhat.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:203","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/533724/100/0/threaded","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/533746","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/533747","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/70574","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031029","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031039","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031085","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031086","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031087","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031088","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031089","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031090","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031091","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031092","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031093","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031094","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031095","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031096","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031105","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031106","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031107","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031120","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031123","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031124","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031130","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031131","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031132","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-2486-1","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-2487-1","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.us-cert.gov/ncas/alerts/TA14-290A","source":"secalert@redhat.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.vmware.com/security/advisories/VMSA-2015-0003.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/articles/1232123","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa83","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1076983","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1152789","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mpgn/poodle-PoC","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU","source":"secalert@redhat.com"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","source":"secalert@redhat.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10090","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10091","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10104","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","source":"secalert@redhat.com"},{"url":"https://puppet.com/security/cve/poodle-sslv3-vulnerability","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201507-14","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201606-11","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20141015-0001/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT205217","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6527","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6529","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6531","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6535","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6536","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6541","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6542","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://support.citrix.com/article/CTX216642","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/product_security/poodle","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/us/en/product_security/poodle","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://technet.microsoft.com/library/security/3009008.aspx","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www-01.ibm.com/support/docview.wss?uid=swg21688165","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7","source":"secalert@redhat.com"},{"url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.elastic.co/blog/logstash-1-4-3-released","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.imperialviolet.org/2014/10/14/poodle.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv_20141015.txt","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://www.openssl.org/~bodo/ssl-poodle.pdf","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://www.suse.com/support/kb/doc.php?id=7015773","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://advisories.mageia.org/MGASA-2014-0416.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://downloads.asterisk.org/pub/security/AST-2014-011.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141450452204552&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141450973807288&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141477196830952&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141576815022399&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141577087123040&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141577350823734&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141620103726640&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141628688425177&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141694355519663&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141697638231025&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141697676231104&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141703183219781&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141715130023061&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141775427104070&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141813976718456&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141814011518700&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=141879378918327&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142296755107581&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142350196615714&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142350298616097&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142350743917559&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142354438527235&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142357976805598&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142495837901899&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142496355704097&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142546741516006&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142607790919348&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624590206005&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624619906067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624619906067&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624679706236&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142624719706349&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142721830231196&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142721887231400&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142740155824959&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142791032306609&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142804214608580&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142805027510172&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=142962817202793&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143039249603103&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143101048219218&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290371927178&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290437727362&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290522027658&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143290583027876&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143558137709884&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143558192010071&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143628269912142&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144101915224472&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144251162130364&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144294141001552&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=145983526810210&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://marc.info/?l=openssl-dev&m=141333049205629&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1652.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1653.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1692.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1876.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1877.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1880.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1881.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1882.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1920.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1948.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0068.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0079.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0080.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0085.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0086.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0264.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0698.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1545.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1546.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/59627","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60056","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60206","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60792","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/60859","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61019","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61130","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61303","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61316","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61345","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61359","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61810","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61825","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61827","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61926","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://secunia.com/advisories/61995","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.apple.com/HT204244","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.citrix.com/article/CTX200238","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686997","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687172","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687611","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21688283","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21692299","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2014/dsa-3053","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3144","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3147","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3253","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3489","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/577193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:203","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/533724/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/533746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/533747","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/70574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031029","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031039","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031085","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031087","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031089","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031092","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031093","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031094","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031095","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031106","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031120","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031123","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031124","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031130","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031131","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1031132","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-2486-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-2487-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.us-cert.gov/ncas/alerts/TA14-290A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.vmware.com/security/advisories/VMSA-2015-0003.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/articles/1232123","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa83","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1076983","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1152789","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/mpgn/poodle-PoC","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://puppet.com/security/cve/poodle-sslv3-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201507-14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201606-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20141015-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT205217","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6527","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6529","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6535","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6536","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6541","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/kb/HT6542","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.citrix.com/article/CTX216642","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/product_security/poodle","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/us/en/product_security/poodle","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://technet.microsoft.com/library/security/3009008.aspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://templatelab.com/ssl-poodle/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www-01.ibm.com/support/docview.wss?uid=swg21688165","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.elastic.co/blog/logstash-1-4-3-released","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.imperialviolet.org/2014/10/14/poodle.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv_20141015.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.openssl.org/~bodo/ssl-poodle.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.suse.com/support/kb/doc.php?id=7015773","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-2808","sourceIdentifier":"cve@mitre.org","published":"2015-04-01T02:00:35.097","lastModified":"2026-05-28T14:16:16.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."},{"lang":"es","value":"El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.9.0","matchCriteriaId":"C306035B-10B2-4BC5-B6DE-194BE343DA8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*","versionEndExcluding":"9.9.2","matchCriteriaId":"D3AB62FE-AB1A-4162-8A51-E34EDE33DD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"911FBD5E-213D-482F-81A9-C3B8CE7D903A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"EBD2676F-EE9D-4462-ABA5-C11CE726849C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6505AE29-5091-4C72-AF6B-932DEF53A8D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4EC475C1-A339-4C49-B6BA-A0E4D6FDF5DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"38A45A86-3B7E-4245-B717-2A6E868BE6BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.2.11","matchCriteriaId":"24EDBB8B-1AFB-498D-B78C-7BC72B8C1085"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.4","matchCriteriaId":"F3024389-3D4A-4E19-BE42-DAF9EA51D471"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*","matchCriteriaId":"85EA16E0-9261-45C4-840F-5366E9EAC5E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","matchCriteriaId":"133AAFA7-AF42-4D7B-8822-AA2E85611BF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*","matchCriteriaId":"319EC0C6-94C5-494A-9C5D-DC5124DFC8E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*","matchCriteriaId":"A67A7B7A-998D-4B8C-8831-6E58406565FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"807C024A-F8E8-4B48-A349-4C68CD252CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","matchCriteriaId":"54D669D4-6D7E-449D-80C1-28FA44F06FFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","matchCriteriaId":"16E6D998-B41D-4B49-9E00-8336D2E40A4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*","matchCriteriaId":"58D3B6FD-B474-4B09-B644-A8634A629280"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*","matchCriteriaId":"F892F1B0-514C-42F7-90AE-12ACDFDC1033"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","matchCriteriaId":"A10BC294-9196-425F-9FB0-B1625465B47F"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*","matchCriteriaId":"3ED68ADD-BBDA-4485-BC76-58F011D72311"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*","matchCriteriaId":"17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*","matchCriteriaId":"D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*","matchCriteriaId":"35BBD83D-BDC7-4678-BE94-639F59281139"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*","matchCriteriaId":"67960FB9-13D1-4DEE-8158-31BF31BCBE6F"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*","matchCriteriaId":"CB6476C7-03F2-4939-AB85-69AA524516D9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*","matchCriteriaId":"2470C6E8-2024-4CF5-9982-CFF50E88EAE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*","matchCriteriaId":"15FC9014-BD85-4382-9D04-C0703E901D7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*","matchCriteriaId":"2F7F8866-DEAD-44D1-AB10-21EE611AA026"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*","matchCriteriaId":"1831D45A-EE6E-4220-8F8C-248B69520948"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*","matchCriteriaId":"2C9E2D37-9F56-49E0-BB28-56FB755CE078"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*","matchCriteriaId":"88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","matchCriteriaId":"F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*","matchCriteriaId":"D4840254-CC76-4113-BC61-360BD15582B9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*","matchCriteriaId":"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"xcp","versionEndExcluding":"xcp_1121","matchCriteriaId":"9DBE3B60-DED8-4F47-A60F-410ECB873BAE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*","matchCriteriaId":"AB54B753-F066-4387-B0C3-43E647A42EBE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"xcp","versionEndExcluding":"xcp_1121","matchCriteriaId":"5BBD38A2-1B17-4B28-9FE1-6D62A6337C12"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*","matchCriteriaId":"1846C0CA-AE13-435F-BF91-EEE0CC311DD5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"xcp","versionEndExcluding":"xcp_1121","matchCriteriaId":"5884F45B-F822-46B9-A0DC-6B59A3C3E7E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*","matchCriteriaId":"C2EDCD99-9677-45A7-9221-3A6A41917A7C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"xcp","versionEndExcluding":"xcp_1121","matchCriteriaId":"9ED7A13F-9510-4FA0-96A6-D2D34D49545F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*","matchCriteriaId":"9581ABD4-5ED6-4EC5-8A0B-1D7A449C10D5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"xcp","versionEndExcluding":"xcp_1121","matchCriteriaId":"0C4C1EC1-19BE-4E1E-8F56-47A83AD0410D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*","matchCriteriaId":"0A2CEAD6-9F8C-411C-9107-BA858CB8A31B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:e6000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"075D228F-B3F3-44A0-9C93-510E2EF7BE16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*","matchCriteriaId":"1F66D29E-0B7F-45D3-BECC-21952F4A4850"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:e9000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA0AE74D-A6FC-44A1-80D4-CB5039FD31AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:e9000:-:*:*:*:*:*:*:*","matchCriteriaId":"741F1B4C-D77D-416F-B6D9-0359F391D96F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_18500_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"929D8B7A-4535-49EA-9DD6-AB83174337AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*","matchCriteriaId":"B7AAE27E-EB13-43E2-A7F4-7973977AD936"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_18800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8E00020C-C1FB-425B-B285-BCF7450F76B0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*","matchCriteriaId":"B196FDFF-8A1D-4E7D-895A-1D09ADACC396"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_18800f_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"47CA0343-7F2A-45BE-B7A2-8F91F31C0912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*","matchCriteriaId":"4E675B6C-C847-486F-8946-F98E271E1DC0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_9000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"45D279CD-1344-4200-B4DF-303739323D19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_9000:-:*:*:*:*:*:*:*","matchCriteriaId":"AEC54023-CF84-4095-A3E8-2D6E334768E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_cse_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4D5F81B5-BD6E-4B10-8EB9-AE0929E3DCE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_cse:-:*:*:*:*:*:*:*","matchCriteriaId":"7E9846D2-4A8C-421E-8FE0-F6091DD2B30E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C2453CC3-FDD3-4C42-9D17-C231DA2D1F41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*","matchCriteriaId":"675CCB4F-BB76-45DC-9E6E-3BD279995084"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_s2600t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CBD74E7B-DB83-44DF-9A0B-D2EFF346855A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_s2600t:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFC0113-86D7-45B1-975F-B24AF1951C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_s5500t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6E3E931B-BD89-48D1-BE5F-0BDBF78914C0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_s5500t:-:*:*:*:*:*:*:*","matchCriteriaId":"F36770F0-2E40-42FF-BD7B-7AE2C84E62A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_s5600t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"63E1D8ED-A4EC-46B4-A0C0-8F46262F1D2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_s5600t:-:*:*:*:*:*:*:*","matchCriteriaId":"6830C365-357D-41A3-8AA7-3B4854260762"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_s5800t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7A307235-4B7B-40EE-807A-9C8FFD8DF72C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_s5800t:-:*:*:*:*:*:*:*","matchCriteriaId":"866A8777-DB2A-4915-8DA6-1AF751742354"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_s6800t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"488319BB-6D39-4AA5-85A8-840EF46227F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_s6800t:-:*:*:*:*:*:*:*","matchCriteriaId":"C1F50E5B-8733-43AB-B6CF-66AC7305E2DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:oceanstor_vis6600t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0BC3C090-EB04-4A0D-8644-51002CF2ABF5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:oceanstor_vis6600t:-:*:*:*:*:*:*:*","matchCriteriaId":"4D0988C3-BAE5-4B5A-92FC-9D275B4DE9F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:quidway_s9300_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4F01C05D-6937-4FAD-A0E1-6168EE1D7CE4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:quidway_s9300:-:*:*:*:*:*:*:*","matchCriteriaId":"2E756FE8-F106-4BFD-B33B-CC198363D2FD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CF102265-497A-4766-80C8-323D511B4EAF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*","matchCriteriaId":"8769C2C4-E333-432B-8943-CFDFAE013379"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CF102265-497A-4766-80C8-323D511B4EAF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*","matchCriteriaId":"8769C2C4-E333-432B-8943-CFDFAE013379"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4A3C463F-2C0B-4269-95ED-A578C01E0F55"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*","matchCriteriaId":"D2A9F6EB-8B6E-465C-B441-C4861771861E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4A3C463F-2C0B-4269-95ED-A578C01E0F55"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*","matchCriteriaId":"D2A9F6EB-8B6E-465C-B441-C4861771861E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"89D69269-4251-4CE9-AD67-4968A917C1E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*","matchCriteriaId":"138C1E57-176C-46B1-9704-D9C8391CC802"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"89D69269-4251-4CE9-AD67-4968A917C1E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*","matchCriteriaId":"138C1E57-176C-46B1-9704-D9C8391CC802"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s2700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"540F0482-7F5E-4688-B282-97A6576E0A6D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*","matchCriteriaId":"DD2CD071-58E4-4061-8217-990453213470"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s3700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"789A2B2D-99B1-4AA5-BB39-65D58D8B59B0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s3700:-:*:*:*:*:*:*:*","matchCriteriaId":"B7F84390-E120-406B-967D-B473EB110EA9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700ei_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B9FD39BD-0D24-4C1E-969C-C9509AE8A0D8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700ei:-:*:*:*:*:*:*:*","matchCriteriaId":"1B0BE6C3-1FB2-4718-AA9D-1A8D8663C195"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700hi_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"409A4E21-B8D8-445F-A9C4-3CDA73189CA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700hi:-:*:*:*:*:*:*:*","matchCriteriaId":"ED775342-B93C-4DF9-BC62-B6BE549F1B29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700si_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"31FB20E5-4830-411C-AE4B-6B2E180C0972"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700si:-:*:*:*:*:*:*:*","matchCriteriaId":"24C4DC87-DE8C-461F-A555-F6E9A71C1C48"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5710ei_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95E7ABCB-D0C0-4C18-A7AC-8C1EBD5E4E87"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5710ei:-:*:*:*:*:*:*:*","matchCriteriaId":"A2D59F3D-CC4A-4ADD-B83C-5CE3F0546622"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5710hi_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"065508F6-D026-4C99-B6F9-AE25CB1124D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5710hi:-:*:*:*:*:*:*:*","matchCriteriaId":"4DFF0F26-CDF2-49B0-AED7-EEA4B9E99E8C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"86E35CBD-4488-4E64-BEA2-A2E89A4BB9E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*","matchCriteriaId":"DA7AC10D-B0DD-4206-8642-134DDD585C06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A0C6E3C4-5677-49B6-9D35-FAC2E550F311"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*","matchCriteriaId":"B7859972-B7B8-4619-AAED-22B6B14852BC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1755FB01-C830-4147-B0BF-7D422A7D2181"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*","matchCriteriaId":"21B89917-2B3D-4BA5-8836-ADEECF46E976"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8DF808C1-3081-4FC7-8661-FBF6A04761B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*","matchCriteriaId":"86FFC3BE-77A0-4202-9AE0-06D8D67F6539"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8A960DA7-8B35-43B3-B15F-F3F7E14BF308"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*","matchCriteriaId":"CB64BC36-693E-4101-9C13-4A4C572A4EDE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A0C6E3C4-5677-49B6-9D35-FAC2E550F311"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*","matchCriteriaId":"B7859972-B7B8-4619-AAED-22B6B14852BC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1755FB01-C830-4147-B0BF-7D422A7D2181"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*","matchCriteriaId":"21B89917-2B3D-4BA5-8836-ADEECF46E976"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8DF808C1-3081-4FC7-8661-FBF6A04761B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*","matchCriteriaId":"86FFC3BE-77A0-4202-9AE0-06D8D67F6539"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8A960DA7-8B35-43B3-B15F-F3F7E14BF308"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*","matchCriteriaId":"CB64BC36-693E-4101-9C13-4A4C572A4EDE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:s5720ei_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6A799E13-49E1-4CFB-BB7D-5E528C7E0FE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:s5720ei:-:*:*:*:*:*:*:*","matchCriteriaId":"D7B06975-BD37-452D-9782-B768610D3777"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:huawei:te60_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D65BF93A-9246-48CB-8510-F6B0380F48D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*","matchCriteriaId":"999117E9-90C8-4E76-90B5-7D364C0B84BF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:*:*:*:*:*:*:*","matchCriteriaId":"0A0D7527-BCA2-4CF5-A793-1C01F6570679"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:policy_center:v100r003c00:*:*:*:*:*:*:*","matchCriteriaId":"95CA0A4C-2571-4593-A075-9A6A7EABBB33"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:policy_center:v100r003c10:*:*:*:*:*:*:*","matchCriteriaId":"16D46E9E-7F34-49C4-B56F-9090157FAD6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:smc2.0:v100r002c01:*:*:*:*:*:*:*","matchCriteriaId":"8D6E37DD-6CEA-443A-80C2-79E28C78D7CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:smc2.0:v100r002c02:*:*:*:*:*:*:*","matchCriteriaId":"BE1A9027-21FC-45E0-98B2-BFB8B5BE484D"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:smc2.0:v100r002c03:*:*:*:*:*:*:*","matchCriteriaId":"EC8620BB-7730-4C8F-8B4B-21389636B3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:smc2.0:v100r002c04:*:*:*:*:*:*:*","matchCriteriaId":"D971D78C-A6F3-438D-A292-54A9A226FFE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:ultravr:v100r003c00:*:*:*:*:*:*:*","matchCriteriaId":"648D923E-BF31-4DF4-B160-66874A8E45AF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_metrics_manager:10.1:*:*:*:*:*:*:*","matchCriteriaId":"23F3243D-14BB-45F4-BBF6-DD45B8729B6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:*:*:*:*:*:*:*","matchCriteriaId":"97449883-5401-42C0-8FF1-6A5BEC7BC829"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_metrics_manager:10.2:*:*:*:*:*:*:*","matchCriteriaId":"2B2DDB90-C6A1-4EE5-96F2-F0A33B2F79A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:*:*:*:*:*:*:*","matchCriteriaId":"E43C2590-059B-43BE-BFD1-7B0D1020D324"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:*:*:*:*:*:*:*","matchCriteriaId":"379CF92E-AFD1-4744-AC07-6A495548F121"}]}]}],"references":[{"url":"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143456209711959&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143629696317098&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143741441012338&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143817021313142&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143817899717054&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143818140118771&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144043644216842&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144059660127919&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144059703728085&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144060576831314&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144060606031437&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144069189622016&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144102017024820&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144104533800819&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144104565600964&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144493176821532&w=2","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1006.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1007.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1021.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1091.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1228.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1229.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1230.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1241.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1242.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1243.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1526.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21883640","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www-304.ibm.com/support/docview.wss?uid=swg21903565","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www-304.ibm.com/support/docview.wss?uid=swg21960015","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www-304.ibm.com/support/docview.wss?uid=swg21960769","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3316","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3339","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/hw-454055","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/73684","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/91787","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032599","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032600","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032707","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032708","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032734","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032788","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032858","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032868","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032910","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032990","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033071","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033072","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033386","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033415","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033431","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033432","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033737","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033769","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036222","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-2696-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-2706-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://kb.juniper.net/JSA10783","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10163","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://security.gentoo.org/glsa/201512-10","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/","source":"cve@mitre.org"},{"url":"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143456209711959&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143629696317098&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143741441012338&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143817021313142&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143817899717054&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=143818140118771&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144043644216842&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144059660127919&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144059703728085&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144060576831314&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144060606031437&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144069189622016&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144102017024820&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144104533800819&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144104565600964&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://marc.info/?l=bugtraq&m=144493176821532&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1006.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1007.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1091.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1228.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1229.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1230.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1241.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1242.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1243.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1526.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21883640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-304.ibm.com/support/docview.wss?uid=swg21903565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-304.ibm.com/support/docview.wss?uid=swg21960015","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-304.ibm.com/support/docview.wss?uid=swg21960769","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3316","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3339","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/hw-454055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/73684","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/91787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032599","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032600","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032707","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032708","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032734","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032788","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032858","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032868","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032910","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1032990","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033071","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033386","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033415","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1033769","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-2696-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-2706-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://kb.juniper.net/JSA10783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10163","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://security.gentoo.org/glsa/201512-10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6034","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-06-30T03:29:00.453","lastModified":"2026-05-28T20:16:19.437","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download."},{"lang":"es","value":"Se ha descubierto un problema de omisión de autenticación por captura por reproducción en el protocolo Modicon Modbus, de Schneider Electric. Se transmite información sensible en texto claro en el protocolo Modicon Modbus, lo que podría permitir que un atacante reproduzca los siguientes comandos: run, stop, upload y download."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modbus_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FDF59532-F8A6-4EFC-9B65-7FE1C37B6222"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modbus:-:*:*:*:*:*:*:*","matchCriteriaId":"B98D3886-8E25-44A6-9BA0-97274DBE4D39"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/97562","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/97562","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-15906","sourceIdentifier":"cve@mitre.org","published":"2017-10-26T03:29:00.220","lastModified":"2026-05-28T19:16:25.137","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files."},{"lang":"es","value":"La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6","matchCriteriaId":"AD490B42-DD19-477D-B3C0-B9CE4D14FB16"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","matchCriteriaId":"517A2282-C254-49EB-A52D-FC2B45E70ADD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","matchCriteriaId":"5C2089EE-5D7F-47EC-8EA5-0F69790564C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","matchCriteriaId":"E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","matchCriteriaId":"0A4D418D-B526-46B9-B439-E1963BF88C0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*","matchCriteriaId":"E94F7F59-1785-493F-91A7-5F5EA5E87E4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*","versionStartIncluding":"9.7","matchCriteriaId":"9DBEE506-E864-4FC6-B5D3-7E134438592C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"B92F025C-D612-4A64-B138-E6B4B113B504"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.2","matchCriteriaId":"493789AC-966C-48F4-900B-949EFA689E2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*","versionStartIncluding":"9.7","matchCriteriaId":"5E73AC99-34AC-4D4B-A946-34F33AAEC4A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*","versionStartIncluding":"9.7","matchCriteriaId":"D4BE7695-11DB-4F04-A469-91A29A83B358"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:virtual_storage_console:9.6:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3B82868F-6BBC-40D7-B410-1BCFF2C70B4B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EB30733E-68FC-49C4-86C0-7FEE75C366BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*","matchCriteriaId":"6361DAC6-600F-4B15-8797-D67F298F46FB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/101552","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0980","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","source":"cve@mitre.org"},{"url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-05","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180423-0004/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.openssh.com/txt/release-7.6","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/101552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0980","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180423-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.openssh.com/txt/release-7.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-13165","sourceIdentifier":"security@android.com","published":"2017-12-06T14:29:01.333","lastModified":"2026-05-28T19:16:24.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937."},{"lang":"es","value":"Existe una vulnerabilidad de elevación de privilegios en el sistema de archivos del kernel. Producto: Android. Versiones: Android kernel. Android ID: A-31269937."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/security/bulletin/pixel/2017-12-01","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"https://source.android.com/security/bulletin/pixel/2017-12-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5753","sourceIdentifier":"secure@intel.com","published":"2018-01-04T13:29:00.257","lastModified":"2026-05-28T19:16:25.423","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."},{"lang":"es","value":"Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:N/A:N","baseScore":4.7,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*","matchCriteriaId":"CD028C10-FD07-4206-A732-CCAC1B6D043D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*","matchCriteriaId":"704FAA50-1B7D-4917-AC4A-4C58785340F1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*","matchCriteriaId":"5C6B95D3-75BD-4826-BFBE-9701CC0FF052"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*","matchCriteriaId":"F66E31A6-EA01-40C8-8718-CE2C1F45EEB8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*","matchCriteriaId":"DBBE3B05-2063-49DE-A1D3-9D0A62E0CF5E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*","matchCriteriaId":"022F2CBE-EFB1-4962-AC91-D25AAB057DAF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*","matchCriteriaId":"69C05CD9-551B-46EE-85F8-D18FF878FE8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*","matchCriteriaId":"2DCCB5A5-20E3-4EC5-956C-EA7C0F33A026"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*","matchCriteriaId":"3C38C609-242E-4923-A81F-DAFBE7B6A927"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*","matchCriteriaId":"2AEB08B5-7CBA-479A-A41B-FD8A6D9E0875"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*","matchCriteriaId":"A8C4FDD7-F2EC-4EDB-ACC9-3D6B9152C855"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*","matchCriteriaId":"8E51DD0B-1EED-4BE9-B0A7-BE2E91CCA84C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*","matchCriteriaId":"D7AC7C56-2205-4121-99E2-001A7488E0FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*","matchCriteriaId":"A1677313-FF8F-493B-9DA3-C78F87581A17"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*","matchCriteriaId":"4B2A3CCE-FA57-43B5-B7DE-CFD0CC2ECD7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*","matchCriteriaId":"85CA4444-5103-4451-8A7C-F6BBE714BBB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*","matchCriteriaId":"FA1EB745-46D7-4088-93C6-E7156520B144"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*","matchCriteriaId":"A93010C0-33B3-438F-94F6-8DA7A9D7B451"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*","matchCriteriaId":"2A988A78-6B3D-4599-A85C-42B4A294D86D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*","matchCriteriaId":"1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*","matchCriteriaId":"246AA1B0-B6C8-406B-817D-26113DC63858"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*","matchCriteriaId":"00EE5B42-FF05-447C-BACC-0E650E773E49"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*","matchCriteriaId":"B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*","matchCriteriaId":"A1F0E3C4-7E9B-435F-907E-4BF4F12AF314"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*","matchCriteriaId":"5D616C72-0863-478C-9E87-3963C83B87E8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*","matchCriteriaId":"CC333B0D-3A0E-4629-8016-68C060343874"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*","matchCriteriaId":"6655535C-FF64-4F9E-8168-253AABCC4F5D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*","matchCriteriaId":"B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*","matchCriteriaId":"BBD68F3F-7E38-40B9-A20B-B9BB45E8D042"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*","matchCriteriaId":"1EACEF19-83BC-4579-9274-BE367F914432"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*","matchCriteriaId":"1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*","matchCriteriaId":"24128A7F-2B0B-4923-BA9E-9F5093D29423"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*","matchCriteriaId":"0990DD71-9E83-499D-9DAF-A466CF896CFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*","matchCriteriaId":"9B7FEDEF-9772-4FB1-9261-020487A795AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*","matchCriteriaId":"FE7B0F72-DEDF-40C4-887C-83725C52C92E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*","matchCriteriaId":"9568C222-9816-4520-B01C-C1DC2A79002D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*","matchCriteriaId":"4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*","matchCriteriaId":"53A1F23D-7226-4479-B51F-36376CC80B04"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*","matchCriteriaId":"BAB245C8-9918-41A0-9DFB-A11E4185C87A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*","matchCriteriaId":"9990DD08-BD81-4BFA-B3D4-0DECBF8CCC54"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*","matchCriteriaId":"F752A3C8-18ED-4765-B6EC-C664154EB701"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*","matchCriteriaId":"B4F31C3F-7C0D-4D95-B4B9-89FD38076913"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*","matchCriteriaId":"5BEEE36E-E735-4A33-80B7-9407D072F6BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*","matchCriteriaId":"2CB3D3DE-21BE-40C7-A510-AC97C92390DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*","matchCriteriaId":"0D9A9545-38A3-460D-AB1A-8B03BEB405A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*","matchCriteriaId":"1860D932-777D-41F2-94A2-D14AB1494AA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*","matchCriteriaId":"75165A10-2FD5-4370-814C-B60FDE339AFF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*","matchCriteriaId":"454AC633-5F1C-47BB-8FA7-91A5C29A1DD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*","matchCriteriaId":"A2394E8C-58D9-480B-87A7-A41CD7697FC6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*","matchCriteriaId":"1B9AC02B-D3AE-4FAF-836E-55515186A462"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*","matchCriteriaId":"65AAC7A7-77CA-4C6C-BD96-92A253512F09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*","matchCriteriaId":"FCD16C07-0050-495A-8722-7AC46F5920F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*","matchCriteriaId":"01423706-C82C-4457-9638-1A2380DE3826"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*","matchCriteriaId":"A881E2D3-A668-465F-862B-F8C145BD5E8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*","matchCriteriaId":"3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*","matchCriteriaId":"4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*","matchCriteriaId":"6602DD69-E59A-417D-B19F-CA16B01E652C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*","matchCriteriaId":"05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*","matchCriteriaId":"40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*","matchCriteriaId":"ED96AC16-12CC-43F6-ACC8-009A06CDD8F5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*","matchCriteriaId":"2CE9DC29-C192-4553-AF29-D39290976F47"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*","matchCriteriaId":"F625E647-B47E-404C-9C5B-72F3EB1C46F5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*","matchCriteriaId":"E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*","matchCriteriaId":"B5878612-9825-4737-85A5-8227BA97CBA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*","matchCriteriaId":"F453D348-28CE-402B-9D40-A29436A24ECC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*","matchCriteriaId":"36322F4B-83D7-468A-BB34-1C03729E9BF3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*","matchCriteriaId":"0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*","matchCriteriaId":"A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*","matchCriteriaId":"B0A2A50E-94FA-44E9-A45D-3016750CFBDA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*","matchCriteriaId":"5625CAD8-4A62-4747-B6D9-90E56F09B731"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*","matchCriteriaId":"43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*","matchCriteriaId":"78DE1A01-3AEF-41E6-97EE-CB93429C4A1D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*","matchCriteriaId":"410184AF-B932-4AC9-984F-73FD58BB4CF7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*","matchCriteriaId":"B265F073-9E0A-4CA0-8296-AB52DEB1C323"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*","matchCriteriaId":"3F664223-1CBC-4D8A-921B-F03AACA6672B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*","matchCriteriaId":"987A8470-08BA-45DE-8EC0-CD2B4451EECD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*","matchCriteriaId":"8BBC9542-FB77-4769-BF67-D42829703920"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*","matchCriteriaId":"74FDC18B-4662-422E-A86A-48FE821C056F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*","matchCriteriaId":"CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*","matchCriteriaId":"CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*","matchCriteriaId":"78E4461B-72F8-4F3D-A405-4AFA99EC8A32"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*","matchCriteriaId":"663DDC1C-E48A-4E84-A6CC-B46FC45D6A6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*","matchCriteriaId":"8CEEC75B-10CE-4B7E-BA5F-6D661EC07FFF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*","matchCriteriaId":"DAEDED56-9387-4DAC-BF52-C32ECCB7D407"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*","matchCriteriaId":"FA13F31C-BBD9-48C7-8499-92D0B5CA8CF4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*","matchCriteriaId":"E57A9B28-734B-401D-B24C-A295F364D8E8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*","matchCriteriaId":"F02289DF-4A02-4602-89B7-E9148236EE1E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*","matchCriteriaId":"723E7155-493D-4B5A-99E2-AB261838190E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*","matchCriteriaId":"82E37264-E4BA-4D9D-92E7-56DE6B5F918F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*","matchCriteriaId":"8704BE6D-2857-4328-9298-E0273376F2CD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*","matchCriteriaId":"731F1E65-1D53-443B-8E2F-8AF11191AFA6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*","matchCriteriaId":"02A83822-822D-4A4D-B29B-A5BE6367A7DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*","matchCriteriaId":"E8C32738-F08E-469C-8DE0-2708F30574A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*","matchCriteriaId":"B292187E-8EAD-49D2-B469-B14CA0656035"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*","matchCriteriaId":"C7D131E1-24C1-48CF-B3DD-46B09A718FB5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*","matchCriteriaId":"0ABF1231-73CF-4D1B-860C-E76CD26A645E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*","matchCriteriaId":"F7F88E38-4EC4-41DB-A59D-800997440C0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*","matchCriteriaId":"32FD6647-4101-4B36-9A9A-F70C29997148"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*","matchCriteriaId":"D248D668-A895-43B3-ADEF-1B22EE7DC76E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*","matchCriteriaId":"858411B5-E904-45FA-8B33-5CC73B915B22"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*","matchCriteriaId":"6BB9336C-C893-4AB0-9402-868CE9960058"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*","matchCriteriaId":"A4695F94-7AAE-4219-9EF6-CE6D0838192D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*","matchCriteriaId":"BD7A0991-73F0-410D-855C-BFC88A66E61F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*","matchCriteriaId":"FAF5CF9A-B3F2-4686-B933-7DB13AD2CF35"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*","matchCriteriaId":"9858EAC3-C1CE-449B-A605-FFA337DA825D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*","matchCriteriaId":"E7A8F905-A4C6-4EC6-B9E8-800948350B89"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*","matchCriteriaId":"565B48E3-1406-4E3C-B4A5-35865C5614E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*","matchCriteriaId":"46B6C4D7-B0A2-4DF1-B8DE-19C806D5FABB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*","matchCriteriaId":"8AB82A90-C0BC-4BA8-88CA-4967BC3A4A7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*","matchCriteriaId":"191A094B-E354-4767-AD43-87CE140BF851"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*","matchCriteriaId":"C1289B9E-5725-42EF-8848-F545421A29E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*","matchCriteriaId":"238A21CB-F8C5-468B-B523-6D014E2EA8AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*","matchCriteriaId":"0DC52CDD-614D-4EA0-8DA8-D71189C42E8B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*","matchCriteriaId":"A4229DB2-8BBC-49F8-87A8-2E7D56EFD310"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*","matchCriteriaId":"FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*","matchCriteriaId":"A0E91F46-D950-4894-BACF-05A70C7C6F7B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*","matchCriteriaId":"0E12B40B-5221-48A6-B2A6-D44CD5636BB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*","matchCriteriaId":"6BCB77C9-ABE3-44A0-B377-7D7035E8A11F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*","matchCriteriaId":"D06639F5-5EE8-44F4-B48A-5694383154DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*","matchCriteriaId":"CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*","matchCriteriaId":"637C3687-FBCC-41A0-BFE6-823BAE45FB92"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*","matchCriteriaId":"2350A197-193F-4B22-80E8-3275C97C78EE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*","matchCriteriaId":"734C7A7E-ACCA-4B34-BF38-0FAED988CC6A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*","matchCriteriaId":"4D9ABAFC-B3B5-449D-A48E-2E978563EDE7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*","matchCriteriaId":"99019EA0-6576-4CE7-B60A-975D418AA917"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*","matchCriteriaId":"8E846AEF-751D-40AD-84B5-EFDC9CF23E2F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*","matchCriteriaId":"EB9DD909-B2AC-46BA-B057-D239D0773CAD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*","matchCriteriaId":"54F5C355-FDFC-4E71-93AA-218389EF10E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*","matchCriteriaId":"B0A1CA1E-971D-4F67-864E-2E772C1E736B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*","matchCriteriaId":"1B5F8391-D974-49AC-8550-ADB3FA6C0535"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*","matchCriteriaId":"8302BF58-9E54-40DA-BCFE-59CA52C460D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*","matchCriteriaId":"ECCDE9EF-037B-4650-8131-4D57BE141277"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*","matchCriteriaId":"47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*","matchCriteriaId":"DB8253DA-9A04-40D6-84C1-C682B4023D4B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*","matchCriteriaId":"DAF6D175-85C3-4C72-AD9F-31B47EF43154"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*","matchCriteriaId":"7A5FC594-2092-4240-9538-235BBE236DD9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*","matchCriteriaId":"87D95F00-EA89-4FDE-991C-56636B8E0331"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*","matchCriteriaId":"32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*","matchCriteriaId":"4158561F-8270-42D1-91D8-E063CE7F5505"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*","matchCriteriaId":"FF0DEA96-0202-41EB-BDC3-24E2FC4415B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*","matchCriteriaId":"F8BACE1C-5D66-4FBC-8F86-30215A623A94"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*","matchCriteriaId":"CF707146-0D64-4F3A-AE22-956EA1CB32B6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*","matchCriteriaId":"8118C3F9-0853-4E87-9E65-86E1398B2780"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*","matchCriteriaId":"1A298501-C4D7-48D4-90F9-15AFA59DED48"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*","matchCriteriaId":"FEE1B07B-3D92-4D2D-8667-D902F002277F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*","matchCriteriaId":"8F05CB19-1059-4C4D-BFD7-9F51A22A4F97"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*","matchCriteriaId":"5588732F-7F1A-4C24-B35F-30532107FFDE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*","matchCriteriaId":"A127DD5D-426D-4F24-A8C5-DC9DAC94B91C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*","matchCriteriaId":"26EE0BBD-3982-4B0F-82F6-D58E077C75DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*","matchCriteriaId":"FAEEC918-EA25-4B38-B5C3-85899D3EBE6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*","matchCriteriaId":"813965F4-3BDA-4478-8E6A-0FD52723B764"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*","matchCriteriaId":"2C5EA2F4-F3EF-4305-B1A1-92F636ED688F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*","matchCriteriaId":"04384319-EE8C-45B4-8BDD-414502E7C02D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*","matchCriteriaId":"C52528CE-4F31-4E5F-8255-E576B20F3043"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*","matchCriteriaId":"A6C3F422-F865-4160-AA24-1DAFAE63729C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*","matchCriteriaId":"5D034E7F-4D17-49D7-BDB2-90CB4C709B30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*","matchCriteriaId":"3C18E6B4-E947-403B-80FB-7095420D482B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*","matchCriteriaId":"2814CC9F-E027-4C5A-93AF-84EA445E6C12"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*","matchCriteriaId":"24A470C3-AAAA-4A6E-B738-FEB69DB78B9D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*","matchCriteriaId":"A1236944-4942-40E4-9BA1-029FEAE94BBC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*","matchCriteriaId":"086CAB4B-A10A-4165-BC33-33CADCD23C0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*","matchCriteriaId":"B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*","matchCriteriaId":"AAFB6B30-BFB0-4397-9E16-37D1A772E639"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*","matchCriteriaId":"DFCB9D7B-7D0A-435D-8499-C16BE09E19FB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*","matchCriteriaId":"64277594-9713-436B-8056-542CFA9F4CFC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*","matchCriteriaId":"589BB170-7CBA-4F28-99E3-9242B62E2918"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*","matchCriteriaId":"91B9C4D9-DA09-4377-9DCD-225857BD9FA7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*","matchCriteriaId":"03D0265F-840B-45A1-90BD-9ED8846A9F63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*","matchCriteriaId":"74BAC0EC-2B38-4553-A399-4BD5483C4753"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*","matchCriteriaId":"4477EBA6-F0A7-452B-96E8-BA788370CCA8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*","matchCriteriaId":"1285D817-B5B8-4940-925D-FCDD24810AE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*","matchCriteriaId":"D289F7B4-27CD-4433-BB45-06AF98A59B7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*","matchCriteriaId":"00168903-6012-4414-87D1-2EE52AA6D78E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*","matchCriteriaId":"6AE8D524-577E-4994-8A4B-D15022C84D7F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*","matchCriteriaId":"75977B0B-C44D-43BC-8D7A-AF966CDB1901"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*","matchCriteriaId":"AE7F5D52-9F41-49A4-B941-E0D777203FF7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*","matchCriteriaId":"52B5B3FD-5BEA-4DE8-B010-55FED1547167"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*","matchCriteriaId":"167B1B04-5823-4038-A019-3975A3B447C9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*","matchCriteriaId":"F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*","matchCriteriaId":"1BA096E0-5480-47CB-822B-D11D7E20F69F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*","matchCriteriaId":"30357469-0B8F-4385-A282-2F50181EA442"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*","matchCriteriaId":"3BE70772-7796-4594-880A-6AAD046E4D8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*","matchCriteriaId":"1A9E2F8D-2974-4833-9EC2-233CEE257C26"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*","matchCriteriaId":"17EE3078-454F-48F8-B201-3847DB40D5C4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*","matchCriteriaId":"EE32C500-55C2-41A7-8621-14EBF793BF11"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*","matchCriteriaId":"52D3DF52-501A-4656-98F1-8DD51D04F31F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*","matchCriteriaId":"3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*","matchCriteriaId":"09578301-CF39-4C24-951A-535743E277EF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*","matchCriteriaId":"1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*","matchCriteriaId":"5A65F303-96C8-4884-8D6F-F439B86BA30C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*","matchCriteriaId":"1E046105-9DF5-425F-A97E-16081D54613C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*","matchCriteriaId":"B2987BCF-39E6-49B6-8DEE-963A38F12B07"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*","matchCriteriaId":"7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*","matchCriteriaId":"5AD92AD8-033A-4AAD-91E5-CB446CCE9732"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*","matchCriteriaId":"77E0E73A-F1B4-4E70-B9F1-EE97785B8891"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*","matchCriteriaId":"61D6E3CC-79B1-4995-9A76-41683C7F254A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*","matchCriteriaId":"F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*","matchCriteriaId":"6FE5773D-3CD1-4E63-8983-E0105C46D185"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*","matchCriteriaId":"2A7C307A-6576-4A0A-8F4E-0981C9EE2901"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*","matchCriteriaId":"18B3A53B-902C-46A5-8CE7-B55102703278"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*","matchCriteriaId":"AB843479-729A-4E58-8027-0FC586F051AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*","matchCriteriaId":"1AF5A233-1E77-49FD-AC2C-60D185481E28"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*","matchCriteriaId":"18519CF2-B0DA-42DD-8A3E-9084298C210A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*","matchCriteriaId":"329D5FCF-7EC5-4471-906B-3619A180BD52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*","matchCriteriaId":"0DD43EAA-F3A5-4748-9187-A6E6707ACD11"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*","matchCriteriaId":"C6F3C14D-4BFC-4205-8781-95E6B28C83C1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*","matchCriteriaId":"20942AD8-ADB7-4A50-BDBE-DB36249F4F52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*","matchCriteriaId":"1EC6ED02-134B-4322-AB72-75A0AB22701E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*","matchCriteriaId":"6FA74EEE-54CC-4F80-B1D3-99F7771335ED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*","matchCriteriaId":"B6B859F7-0373-4ADD-92B3-0FAB42FCF23C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*","matchCriteriaId":"AAC76F31-00A5-4719-AA50-92F773919B3C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*","matchCriteriaId":"49996F5A-51B2-4D4E-AE04-E98E093A76CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*","matchCriteriaId":"9F8406B0-D1E5-4633-B17E-53DC99FE7622"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*","matchCriteriaId":"3D49435C-7C33-454B-9F43-9C10F28A28A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*","matchCriteriaId":"D17E1A0F-1150-4899-81BC-BE84E4EF5FA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*","matchCriteriaId":"EADD98AE-BAB0-440D-AB9F-2D76BE5109E2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*","matchCriteriaId":"ED44A404-8548-4EDC-8928-4094D05A6A38"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*","matchCriteriaId":"3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*","matchCriteriaId":"D2AAD8F0-0D31-4806-8A88-A30E5BE43630"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*","matchCriteriaId":"8164EE5F-6ABA-4365-8718-2F98C2E57A0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*","matchCriteriaId":"C7110AF9-A407-4EE2-9C46-E5F1E3638E9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*","matchCriteriaId":"2A06696D-37F0-427D-BFC5-1606E7441C31"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*","matchCriteriaId":"E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*","matchCriteriaId":"68A76015-0A05-4EC7-B136-DC13B55D881F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*","matchCriteriaId":"C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*","matchCriteriaId":"54464F6C-9B2D-46BA-AC44-506389F3EE0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*","matchCriteriaId":"8FA11017-EA58-45EE-8408-FCCCF7183643"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*","matchCriteriaId":"8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*","matchCriteriaId":"442AD778-D56F-4C30-BBF8-749D6AAC4737"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*","matchCriteriaId":"AF7D3F31-AF4D-4C50-8590-A763AAC7AF07"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*","matchCriteriaId":"445BFC2E-38FA-4130-8550-0866EC4EDA33"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*","matchCriteriaId":"A6DC2746-CE41-40C9-8CFA-23231BBCAE77"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*","matchCriteriaId":"3C3A8976-5E4D-490A-A87D-A47D1B2B903C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*","matchCriteriaId":"0C8535E6-220E-4747-8992-45B6EAFC555C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*","matchCriteriaId":"C7479B49-F484-4DF2-86CB-E52EE89FA238"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*","matchCriteriaId":"B6D68512-746D-4E95-857B-13A0B6313C5E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*","matchCriteriaId":"4312BA84-F9A0-4BD4-8438-058E1E7D6C0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*","matchCriteriaId":"60E52DF5-C713-4BC4-B587-FF6BDA8509CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*","matchCriteriaId":"304ADCAC-9E49-42BD-BC92-58D9B2AD52E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*","matchCriteriaId":"2AB02172-B9A7-4801-88F2-98BF5843184A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*","matchCriteriaId":"5141380E-BD18-47C1-A84C-384BA821773D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*","matchCriteriaId":"1AE6C49E-2359-4E44-9979-7D34F8460E35"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*","matchCriteriaId":"C004B75F-37AF-4E61-98F3-1B09A7062DDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*","matchCriteriaId":"F7126D19-C6D9-43CB-8809-647B1A20E7DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*","matchCriteriaId":"9CC98503-A80A-4114-8BF2-E016659BE84E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*","matchCriteriaId":"01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*","matchCriteriaId":"3821412D-B010-49C4-A7B4-6C5FB6C603B1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*","matchCriteriaId":"A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*","matchCriteriaId":"5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*","matchCriteriaId":"6AD5B51A-AEA0-4DA2-BA60-94A2D5605352"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*","matchCriteriaId":"F96C6CA0-434D-428F-B629-A971C2937628"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*","matchCriteriaId":"301AB72A-A6F2-42C8-A931-94EF2271443F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*","matchCriteriaId":"59414B5A-05B8-49AF-A197-2A31729DDB65"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*","matchCriteriaId":"0BFDD380-692F-41D7-996F-F97FC74DC7CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*","matchCriteriaId":"49602828-2BFC-4571-9F05-6210FD263DF2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*","matchCriteriaId":"87E03978-E16D-4A9B-8AE7-9F4F1171C14A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*","matchCriteriaId":"03096A9A-5758-47E6-81E2-BCFE847C41F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*","matchCriteriaId":"150CC865-7975-45EC-BFF7-A94146442BA8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*","matchCriteriaId":"C8FA1308-589B-432B-80F9-9A499D083ED5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*","matchCriteriaId":"6ED2453E-30E1-4620-BEC5-21B0083449E2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*","matchCriteriaId":"0FE8DD05-D700-4F89-9B01-D489029DF7A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*","matchCriteriaId":"050957CA-6191-4F9F-9D07-48B342B3B1B8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*","matchCriteriaId":"DACBF998-8B11-45C7-9017-486AED4FAE6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*","matchCriteriaId":"C9F2F3C4-FC94-414A-A208-913A43D57D75"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*","matchCriteriaId":"641152EC-F4B4-4E5E-B396-AC4CAAB805BF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*","matchCriteriaId":"4911E332-B8BA-4336-A448-3F70D2BBB147"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*","matchCriteriaId":"330EC403-3174-4543-9BBE-CEC0ABC1575D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*","matchCriteriaId":"5EF585D0-507E-491E-9C3B-78EE26F2F070"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*","matchCriteriaId":"DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*","matchCriteriaId":"1F5D885A-85C4-4A11-B061-61EFF6B6E329"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*","matchCriteriaId":"0502B59F-933C-4E25-A2EC-9296B197E139"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*","matchCriteriaId":"99D9C0A9-2DFF-4760-8FED-AC2DA7968E51"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*","matchCriteriaId":"B5A1BAEC-18BF-4607-BFB7-48102E75186A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*","matchCriteriaId":"D49ED138-F42D-4451-A350-0B2DD5AB9444"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*","matchCriteriaId":"5ED91472-90FC-4AC8-96D5-1550A8502411"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*","matchCriteriaId":"57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*","matchCriteriaId":"2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*","matchCriteriaId":"2784E2AF-A5E5-4960-830C-B3EFB84043D0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*","matchCriteriaId":"9112FA50-5527-4B20-80F5-2DE9E66D09F6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*","matchCriteriaId":"73CE4E2E-B2BF-409E-B18C-D67DA810FE9B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*","matchCriteriaId":"E2B84D67-0B1D-4B74-BC85-AF8F933D8429"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*","matchCriteriaId":"BCA05A18-1523-4EED-9D2E-0A258A33F24F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*","matchCriteriaId":"C34E70EB-92F0-43F6-8883-FE422BE1A3FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*","matchCriteriaId":"78D301F1-20C2-4756-9A90-37F14835CE14"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*","matchCriteriaId":"B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*","matchCriteriaId":"BA63B803-4D48-42E8-A793-F92ABCB8BFC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*","matchCriteriaId":"129DB9CB-E878-4856-A954-15FFE1428636"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*","matchCriteriaId":"730DB4AA-FD7D-40C6-8D7F-19937832EF9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*","matchCriteriaId":"07E86978-4820-422A-8C7C-FF0697DAED05"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*","matchCriteriaId":"8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*","matchCriteriaId":"AF813AD9-D296-4915-861C-8DE929E45FE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*","matchCriteriaId":"04A65469-083F-40B5-86C5-A2EAE5B2F00A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*","matchCriteriaId":"8F1AA82E-BD86-40F5-B417-71DF6AF53A37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*","matchCriteriaId":"B71A6DB0-5EB0-4712-8480-CF427F521D33"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*","matchCriteriaId":"8223D5A1-ADF1-43C6-AF91-EE5C413BCB37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*","matchCriteriaId":"4DD69605-F52B-4623-921A-983A5A408ECA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*","matchCriteriaId":"B1D5685F-6FFE-4A6A-9FF8-940C8DA36499"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*","matchCriteriaId":"B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*","matchCriteriaId":"3832D0A6-419D-4876-B5C4-920578F713F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*","matchCriteriaId":"E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*","matchCriteriaId":"404E38E6-9EB3-41D0-97A7-DC579688BFB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*","matchCriteriaId":"40E4A921-AB28-47B7-B5A3-EB82193D15BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*","matchCriteriaId":"B0357E48-2300-47B4-B9E5-9FE813A2FC09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*","matchCriteriaId":"96CC28B6-57D1-4919-AA55-A262CC16AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*","matchCriteriaId":"0EB4C54D-1265-425A-B507-E1099844875A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*","matchCriteriaId":"97362147-3A71-430D-9064-4435D45C3B8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*","matchCriteriaId":"89212CF3-4E99-4389-94CE-F4211DDCA01B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*","matchCriteriaId":"FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*","matchCriteriaId":"611C0A0A-1FA3-42F9-82E8-BFCB71A077DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*","matchCriteriaId":"36F027D9-DCB4-4A3D-8987-41F2941DBD45"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*","matchCriteriaId":"E23BCEC9-2BFB-4B41-9A7A-18B1347C6202"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*","matchCriteriaId":"4924CE39-A846-4DB4-9547-6322FC5AD6B3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*","matchCriteriaId":"6C9E2C9A-94A1-456B-90D5-54932DF64C22"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*","matchCriteriaId":"AC04C652-B2D8-4002-A50E-8AFE83204A25"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*","matchCriteriaId":"10D413F0-CDBC-4A63-B9A7-9E7725BA1E83"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*","matchCriteriaId":"754A8826-59F7-4A71-B74B-737BE9C7DE4F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*","matchCriteriaId":"FADB6BDA-6825-489B-AB39-7729BA45DFD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*","matchCriteriaId":"7913F57E-E600-4767-AF51-D045E1898E72"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*","matchCriteriaId":"BD3783F4-5A05-45AA-9791-A681011FD78C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*","matchCriteriaId":"01E3114D-31D2-4DBF-A664-F4049D8B6266"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*","matchCriteriaId":"D8EE6578-981D-470C-BB24-4960B3CB1478"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*","matchCriteriaId":"E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*","matchCriteriaId":"7EE59839-8EB9-47FE-88E2-F0D54BE787A2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*","matchCriteriaId":"75694A3D-080A-4AA7-97DF-5A5833C9D9F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*","matchCriteriaId":"19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*","matchCriteriaId":"6E996176-3DEA-46E6-93B7-9C0DF32B59D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*","matchCriteriaId":"4417007D-126A-478B-87EA-039D088A4515"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*","matchCriteriaId":"F78C2825-F6A3-4188-9D25-59EAEC8A7B0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*","matchCriteriaId":"EF2FA85D-B117-410D-B247-8C5A3479319A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*","matchCriteriaId":"3A041D27-132C-4B15-976F-1750C039A89F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*","matchCriteriaId":"5D495E06-BF2B-4C5A-881D-94C93CD2BA2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*","matchCriteriaId":"7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*","matchCriteriaId":"088BC395-06D5-4156-85EB-63C4A9552898"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*","matchCriteriaId":"33A220A2-A6D2-46A7-B168-607400EEDCE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*","matchCriteriaId":"1E79232F-7196-440B-82D4-165885251232"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*","matchCriteriaId":"ED866954-77AB-4CA8-8AED-4252C595FC4D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*","matchCriteriaId":"28A1F516-B180-45D4-8EB1-754B7497CB2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*","matchCriteriaId":"36758A04-64D3-4150-A004-CF042FA31CD9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*","matchCriteriaId":"1E01752E-F1DD-400A-A917-216CAF15B0F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*","matchCriteriaId":"AD47EC58-F776-4F59-8F15-4B208904CF4B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*","matchCriteriaId":"2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*","matchCriteriaId":"94565E35-8A58-4CB6-A489-C796DCB97FC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*","matchCriteriaId":"49964D35-5323-4412-BD54-661630F9A8CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*","matchCriteriaId":"F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*","matchCriteriaId":"A0F66468-87D0-41FC-934B-5924BE2956CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*","matchCriteriaId":"3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*","matchCriteriaId":"45C0D99E-443E-4AB1-A07A-900A09FE177E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*","matchCriteriaId":"C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*","matchCriteriaId":"A9DAEE52-09C3-4A09-9958-9D6807B2700B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*","matchCriteriaId":"B97690D4-E814-4D40-B170-BE56D7AE2C1B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*","matchCriteriaId":"89804F2C-D32D-4444-ABEA-5B241153D096"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*","matchCriteriaId":"2AAAAF9C-B29B-4020-BAFF-C87B1A08294A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*","matchCriteriaId":"ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*","matchCriteriaId":"EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*","matchCriteriaId":"7C27B318-2AC1-423D-B0C8-583BB1800D5A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*","matchCriteriaId":"9E58E3D0-1154-4B13-BA16-67CE67DF0637"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*","matchCriteriaId":"32D2ACB3-B906-4944-A021-03C4645965BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*","matchCriteriaId":"8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*","matchCriteriaId":"8E1A41BA-A1D6-484A-BAD2-68DF85598354"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*","matchCriteriaId":"11260C9D-69A9-4D81-9CCF-2E116DD75F7C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*","matchCriteriaId":"1C020F06-FD27-46E3-A48F-3F60F33BB969"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*","matchCriteriaId":"03C74F10-6A7F-4F68-8A34-E981E1760DE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*","matchCriteriaId":"24741B98-8D0E-4307-AAEF-A14B2531DCA9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*","matchCriteriaId":"8D4FA4BA-4304-4A70-9F86-120F2A3D8148"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*","matchCriteriaId":"367FC8BA-F046-4264-A049-49E933E7698F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*","matchCriteriaId":"DE9B68D3-1DFB-4468-85C4-AC13E6CBC111"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*","matchCriteriaId":"C966A016-B650-44D9-B8C4-1ED50AB318DA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*","matchCriteriaId":"DC448FF0-6D3F-4609-864B-4191905EE2B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*","matchCriteriaId":"0FC246FE-4CA6-4B2D-83C3-D50A386C24A0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*","matchCriteriaId":"758A14DB-1BAF-442A-BA7C-5E9C67847BEA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*","matchCriteriaId":"61309100-CFA7-4607-A236-8910838AA057"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*","matchCriteriaId":"82D76265-7BD0-4C51-AE77-22B22524DE81"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*","matchCriteriaId":"DE38B195-BB8D-4747-881D-E8033760B4C8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*","matchCriteriaId":"1AA8BE76-168D-48A3-8DF6-E91F44600408"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*","matchCriteriaId":"3B656975-5D71-4712-9820-BDB7BC248AFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*","matchCriteriaId":"FA045267-114D-4587-B6D7-E273C28DC9B1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*","matchCriteriaId":"77018415-E122-406E-896D-1BC6CF790BE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*","matchCriteriaId":"3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*","matchCriteriaId":"D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*","matchCriteriaId":"7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*","matchCriteriaId":"F4E1C012-3E05-44DB-B6D2-BFD619C034B4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*","matchCriteriaId":"15D689D6-8594-42F2-8EEF-DCAEBA885A67"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*","matchCriteriaId":"A6446000-0494-4DC5-ABAA-F20A44546068"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*","matchCriteriaId":"99B94EEC-6690-45D0-B086-F4A5B25C25CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*","matchCriteriaId":"8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*","matchCriteriaId":"832AB3CD-E3A1-4CCB-A210-287973563D0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*","matchCriteriaId":"5A26C0CC-68AD-40F5-96B8-87E6C643F6F8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*","matchCriteriaId":"99C4221A-9994-43B3-9C7A-E13815A50A10"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*","matchCriteriaId":"20070B1D-B91C-40BA-A9D8-E80170A2933F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*","matchCriteriaId":"A70129C9-371F-4542-A388-C095869E593A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*","matchCriteriaId":"6C4DE25F-168A-4C67-8B66-09F61F072BD4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*","matchCriteriaId":"58157F24-D89E-4552-8CE6-2F01E98BD1E5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*","matchCriteriaId":"BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*","matchCriteriaId":"45ACBBEA-EC95-4F3E-B585-893DB6D21A0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*","matchCriteriaId":"7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*","matchCriteriaId":"A6A5EC79-1B21-4BB3-8791-73507BC8D4DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*","matchCriteriaId":"FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*","matchCriteriaId":"E0387587-AAB6-4284-8516-4DA3E3582D30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*","matchCriteriaId":"A238C975-9196-449F-9C15-ABB2E9FD1D06"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*","matchCriteriaId":"6F17F4A5-120B-4E00-97C8-8A85841ACBC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*","matchCriteriaId":"2537F047-64C9-4E73-B82C-310253184183"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*","matchCriteriaId":"3A55857C-649D-46CE-AEDA-6E553E554FC1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*","matchCriteriaId":"7BA4892D-AFDF-4441-821E-5EBF7F64C9F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*","matchCriteriaId":"327E06A3-7F0E-4498-8811-10C8D15398FE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*","matchCriteriaId":"1624E6D6-858E-4085-B0B9-362B819EFD88"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*","matchCriteriaId":"50D61F4A-40F0-477C-8326-7359D3626E77"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*","matchCriteriaId":"1455B4DE-7F1C-4CF2-AE02-2EDD20025D62"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*","matchCriteriaId":"5B215788-860B-46CD-9A08-43AFF98FAEAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*","matchCriteriaId":"2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*","matchCriteriaId":"E4EB132B-000C-4A17-AFB3-19F40A73D2CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*","matchCriteriaId":"5C4815AE-B635-4545-83C2-5EC4E0128337"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*","matchCriteriaId":"C0046C06-E3E6-4674-A4D1-332DD29D9552"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*","matchCriteriaId":"2C191851-3DC3-41C7-AD89-81F091CCC83A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*","matchCriteriaId":"21126922-8E81-47F4-82D4-CBCDDACEC4FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*","matchCriteriaId":"209E18B0-BBB5-4C65-B336-44340F7740DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*","matchCriteriaId":"C867C0B8-91A4-482A-B7DD-54AB9599AE52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*","matchCriteriaId":"30F03843-8A51-4CE1-BE6C-994BDE3A8F97"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*","matchCriteriaId":"09854948-2657-4261-A32A-0523058F072E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*","matchCriteriaId":"D13904A5-266D-481C-A42A-734C3823A238"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*","matchCriteriaId":"ACC82FCB-0541-45C4-8B7E-CB612D7F702A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*","matchCriteriaId":"6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*","matchCriteriaId":"0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*","matchCriteriaId":"501E9355-0CDD-4951-BCC3-47962788BCCB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*","matchCriteriaId":"B3D976D9-62F0-43C3-8359-E51E26B6CD87"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*","matchCriteriaId":"02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*","matchCriteriaId":"64ADE9AF-196F-4E0B-BC66-7DE0183F9032"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*","matchCriteriaId":"C90CCA48-1705-4564-AAF9-271201BD5113"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*","matchCriteriaId":"0B82BAFF-17F5-465C-8032-67D5ECAB2921"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*","matchCriteriaId":"1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*","matchCriteriaId":"F831371E-7437-48D7-8281-1F406215041B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*","matchCriteriaId":"BC4F06B5-615A-464A-A0C4-7AABEE8530CD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*","matchCriteriaId":"92AF503A-A2B1-4FC3-858B-264049ADF0F8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*","matchCriteriaId":"E702C7EC-B1D9-4BDF-B334-2004CD76B52B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*","matchCriteriaId":"E39F31D6-DC4B-46FE-BE5D-EA612D915A96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*","matchCriteriaId":"51CB8036-5F36-4CD4-9B3E-D2401F2E64F6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*","matchCriteriaId":"F9849BA3-3990-4E30-B99B-ADD043314CDA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*","matchCriteriaId":"A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*","matchCriteriaId":"7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*","matchCriteriaId":"A0A22E92-1EA7-45D9-AC86-EC3D9664C294"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*","matchCriteriaId":"D7FA2911-6561-47BF-BEE8-DDA31642C346"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*","matchCriteriaId":"1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*","matchCriteriaId":"0F829DED-4D92-401A-BD80-C070DE57FC7C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*","matchCriteriaId":"F560575C-FD8E-485D-B50A-572604BBE903"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*","matchCriteriaId":"6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*","matchCriteriaId":"1A38D00A-B9DC-44DF-8247-70355FF9A6EF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*","matchCriteriaId":"381EFC43-D5D9-4D10-90BE-4C333A9BA074"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*","matchCriteriaId":"CBEDED18-2755-4C55-A1A1-04B4D5F40276"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*","matchCriteriaId":"F04B57EC-0731-40C8-939F-1C686A65A0FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*","matchCriteriaId":"2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*","matchCriteriaId":"CE1D28F9-B135-441B-A9BF-792DD356E374"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*","matchCriteriaId":"4D01CE3E-5C89-4FC0-9097-CAC483ACD441"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*","matchCriteriaId":"7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*","matchCriteriaId":"8F52334F-BE6A-4FD4-9F63-AE9BB017115B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*","matchCriteriaId":"C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*","matchCriteriaId":"2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*","matchCriteriaId":"707F6671-57AC-4DF4-8024-444502E5C92E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*","matchCriteriaId":"3C1FCE07-F9E8-4B14-95CE-01784D472128"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*","matchCriteriaId":"C208711F-FC06-46C8-8849-27054DC1B264"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*","matchCriteriaId":"25AB8041-F201-4BB3-AAD9-199B06697DF3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*","matchCriteriaId":"D75C474C-D5EF-42D6-9B2A-A504BEFCB982"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*","matchCriteriaId":"1F566CD3-3649-492B-B0AB-A107E51675B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*","matchCriteriaId":"BB9F3D74-AE72-4FC5-83E9-890781AF3093"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*","matchCriteriaId":"0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*","matchCriteriaId":"DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*","matchCriteriaId":"C69918C6-7AAD-4AA5-AB72-C275367B1008"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*","matchCriteriaId":"06155B0B-A5AD-4A82-8C02-D264981687A6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*","matchCriteriaId":"F76C19A4-FA26-432A-9443-9F92B2A946EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*","matchCriteriaId":"99BEE9BE-E49A-489B-B333-95D0993F8FA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*","matchCriteriaId":"7427A678-EC47-4030-B905-619DD95F5A82"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*","matchCriteriaId":"86749716-1C9F-4C2A-B2A7-E62DEC10EA30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*","matchCriteriaId":"FD000B53-06DA-4ED4-B0EE-9CB201B75C8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*","matchCriteriaId":"A8424463-C329-4BAA-8AA1-25CD8B63292E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*","matchCriteriaId":"52727E62-0048-4C56-BC8C-B3450D257B21"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*","matchCriteriaId":"9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*","matchCriteriaId":"FAA34B50-2330-4D77-BF1A-6F05F3EF222C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*","matchCriteriaId":"F6421F69-1076-43D2-B273-DE80FB2D5F72"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*","matchCriteriaId":"C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*","matchCriteriaId":"9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*","matchCriteriaId":"7E611EDD-D44C-4311-B681-431D7C574528"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*","matchCriteriaId":"C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*","matchCriteriaId":"1886D007-85B6-4E5A-968D-A1FD476A08A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*","matchCriteriaId":"BDDDCB65-4404-49BC-9515-ECECD58A667F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*","matchCriteriaId":"1B8D3E00-64C3-407A-9B00-8B6E383F73FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*","matchCriteriaId":"CB1B00A1-9C15-47C2-9F57-66586DEACC7D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*","matchCriteriaId":"CB5BF932-459F-4DD2-B160-5FE0371C7D83"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*","matchCriteriaId":"A58ACE96-F1BE-4261-8F94-FC3C6E7C7561"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*","matchCriteriaId":"783D6EA7-C016-4314-A87B-4FED1DC7114B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*","matchCriteriaId":"7AD0176F-FFAE-4A85-9327-CE72FE059E90"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*","matchCriteriaId":"A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*","matchCriteriaId":"26D4CE1F-86C8-4E48-9146-9DB57BF540FB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*","matchCriteriaId":"CB7F9D65-5537-4C25-B02B-2393F60D1299"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*","matchCriteriaId":"F09C8A92-820D-4572-A797-180E17A7DEB6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*","matchCriteriaId":"CA7D77A2-0D9A-4D0D-B0DC-152757917BE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*","matchCriteriaId":"A07D3F1A-16CE-461F-A2F4-80FE5F841CB3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*","matchCriteriaId":"0C04557A-C508-4FAD-A535-1C0AEFF08075"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*","matchCriteriaId":"6AFAE489-6679-4705-BF9C-BB6D385A1DC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*","matchCriteriaId":"429A99C8-BC55-4887-893C-7124C1A5DB08"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*","matchCriteriaId":"E3A2B709-CC19-4116-A5BE-5DB5C8B45A12"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*","matchCriteriaId":"D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*","matchCriteriaId":"6F1F1377-6220-43FB-BEF9-BAA7B0158147"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*","matchCriteriaId":"18422CA8-3000-46B1-9065-2369E6B0BE16"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*","matchCriteriaId":"5D558C66-E80E-4FC7-A0DF-485466390C46"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*","matchCriteriaId":"E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*","matchCriteriaId":"860F22F6-4C87-47C5-965E-02A1AFF41A72"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*","matchCriteriaId":"19A2CA86-BFA8-4C78-987D-AD26F32622F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*","matchCriteriaId":"EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*","matchCriteriaId":"425F6D34-EE60-464B-8EA6-8116EDAA1219"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*","matchCriteriaId":"CEB9F657-1239-4424-A2E8-F8BD98C0095E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*","matchCriteriaId":"F631403C-0A67-42CB-815C-133EB87E0C95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*","matchCriteriaId":"6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*","matchCriteriaId":"0453C0EA-BA67-49D5-964F-35493F97D905"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*","matchCriteriaId":"4D4D237E-ACB7-4382-AF5B-D27E634BF867"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*","matchCriteriaId":"B5461EB2-2958-4923-86AF-C74D449120B5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*","matchCriteriaId":"45C22141-E698-4E38-AF50-9CE04C1168FE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*","matchCriteriaId":"49D0E470-427D-4A68-AFD2-982A4F7CE2D7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*","matchCriteriaId":"43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*","matchCriteriaId":"713C4B7A-C38A-4818-A258-D07DEDEC906E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*","matchCriteriaId":"C59740BE-FC30-4400-B978-1DB41282971C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*","matchCriteriaId":"839728F0-5F23-462F-B493-C37EE4C874F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*","matchCriteriaId":"6F1B47DA-BA53-4D7A-9B5B-582238D5E99A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*","matchCriteriaId":"D452F1BF-1FA5-463C-8F13-6357509FB5D1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*","matchCriteriaId":"EF6D1F4C-B396-468C-BA32-9367A68C95DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*","matchCriteriaId":"B76A812F-D77A-49C8-B7A5-0C08258D4BBD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*","matchCriteriaId":"6E001AAB-07EC-47BF-BDE9-BB927872781D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*","matchCriteriaId":"D1DF11F5-61E8-4A98-86C8-49D6B3224FCC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*","matchCriteriaId":"AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*","matchCriteriaId":"D024802A-EA60-4D9B-B04C-027A0703EABD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*","matchCriteriaId":"BA731F3C-1F04-4EE2-83EC-9486F5032903"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*","matchCriteriaId":"544A59F6-E731-43C8-8455-69256933E71D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*","matchCriteriaId":"624258EE-7FFF-4432-9B6D-4D60AA73CD9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*","matchCriteriaId":"69A2701A-35A8-4268-B9CF-40BA3219373B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*","matchCriteriaId":"15E671F6-8DED-4735-BE97-58A60E5B5C13"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*","matchCriteriaId":"3FC68B2A-8570-4311-BB60-49DBBDAF7430"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*","matchCriteriaId":"9826FA02-937E-4323-B9D5-8AE059ADBE95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*","matchCriteriaId":"9B8630BB-48AA-4688-A6F0-212C1BB4D14C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*","matchCriteriaId":"9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*","matchCriteriaId":"A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*","matchCriteriaId":"326105AC-3926-437E-8AFF-916960107050"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*","matchCriteriaId":"866E1275-7541-4B80-8FDF-53246A204C15"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*","matchCriteriaId":"E190929D-D3CC-46E1-A903-0848829061DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*","matchCriteriaId":"81E4EBCB-B660-4F6A-AD73-81B9D8964162"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*","matchCriteriaId":"55D58CC5-CB46-464D-93B8-6AD5A19AF097"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*","matchCriteriaId":"16541D3E-EBBD-4D92-96D8-F169733377AE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*","matchCriteriaId":"3F08D257-F570-4D39-A6E8-0F60E55472E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*","matchCriteriaId":"C20ED667-2BFB-41C7-82BA-9F0C0044DA08"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*","matchCriteriaId":"6158ED8A-007E-48B7-99BF-8BA03BF584BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*","matchCriteriaId":"DBA7096A-F321-49A0-911A-F9683ABE6E6A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*","matchCriteriaId":"6A471395-7F8F-4BA5-962D-4D8F271FAB47"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*","matchCriteriaId":"B9484380-92B9-44DB-8E20-DC8DE02D1CA6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*","matchCriteriaId":"8010808D-805D-4CA3-9EA2-55EB1E57964C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*","matchCriteriaId":"9716FE9F-A056-42A3-A241-F2FE37A6386A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*","matchCriteriaId":"F73422A3-ECA0-4C41-9AA5-CF7D77885CF6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*","matchCriteriaId":"7A96A5AF-C9EF-4DED-AE25-4540A2B02915"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*","matchCriteriaId":"D5115B12-053A-4866-A833-D6EC88D8F93E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*","matchCriteriaId":"C5619D4D-9685-4595-8A5F-A18273FE4213"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*","matchCriteriaId":"B77E00E7-0EA4-4E32-A693-0E0F66BA4C57"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*","matchCriteriaId":"DAA3457E-7E1A-4878-9752-79382E954A66"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*","matchCriteriaId":"68630C63-4457-4E12-B7BD-AD456B237FC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*","matchCriteriaId":"F6FB5695-2950-4CEC-81B4-FD280F835330"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*","matchCriteriaId":"9F340AF8-508F-449D-9AFA-4E55F069B4F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*","matchCriteriaId":"E944410E-D674-4141-B50C-9F55090325FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*","matchCriteriaId":"A6438E07-0AC0-4BF9-B0F2-9072CA9639D6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*","matchCriteriaId":"5079AA70-C864-4AE2-809C-52B50632F2B3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*","matchCriteriaId":"5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*","matchCriteriaId":"6A86291B-C986-4320-BCEF-9F5AD8B309D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*","matchCriteriaId":"1227659F-1393-4189-978B-CC3DC53BF407"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*","matchCriteriaId":"4C2DB843-638F-41EF-B486-409318AA2DE9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*","matchCriteriaId":"A0004D8A-A186-4DA2-A7AB-18A6456438FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*","matchCriteriaId":"75B6BE9F-F113-4976-951D-53F2E183A95A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*","matchCriteriaId":"DEB005F1-9719-4985-B9D9-2140C962ADD1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*","matchCriteriaId":"A94D0C1B-F30F-4724-915E-192C53FAE58A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*","matchCriteriaId":"3F247860-1D2C-415C-AFBD-26BD875AAF02"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*","matchCriteriaId":"9697EDCD-A742-4AC6-876E-1080AD684207"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*","matchCriteriaId":"6E73924A-875B-44D0-8F7C-A822B0488126"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*","matchCriteriaId":"03751B92-EE07-4F16-A476-BD25561810BC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*","matchCriteriaId":"A3A630E1-6CAE-4809-AB18-5002F158AE90"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*","matchCriteriaId":"A67750FF-EF4B-414F-8ED4-299CAF33B0DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*","matchCriteriaId":"5A82D885-82F5-4755-BC11-5899E28CEE42"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*","matchCriteriaId":"88AF1366-8A14-4741-8146-886C31D8D347"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*","matchCriteriaId":"7FD75301-E29C-47DC-B53F-DC44EA0C1885"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*","matchCriteriaId":"8C944024-BEAA-43AF-A339-FD69C75E8240"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*","matchCriteriaId":"435C69D1-3932-4379-8D18-B1E12D558325"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*","matchCriteriaId":"3572B700-73C0-41D1-95FD-FE9D5B0C1F80"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*","matchCriteriaId":"97A40DC9-0D4E-4C91-8D1B-3CED95B3952E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*","matchCriteriaId":"16FB3E4B-05F8-411A-8C86-4ACE03815553"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*","matchCriteriaId":"8E55EBC1-6F96-47CD-9503-7855EFB07240"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*","matchCriteriaId":"4208DBA1-7F85-4876-9B6C-D1B43EAAB2AD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*","matchCriteriaId":"F5ADC8E5-1CE7-4481-A9B5-61BFC6B4FF50"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*","matchCriteriaId":"A1789924-FADB-4076-8874-120B29EE6B86"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*","matchCriteriaId":"BC246667-2F6F-4024-9EAA-2CE3018235C3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*","matchCriteriaId":"B21BA7F8-D4B5-4E6B-8FCE-04BBD3501AA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*","matchCriteriaId":"1341A5D4-A5CE-4D31-A178-01C3069D7A55"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*","matchCriteriaId":"86A5C199-92E5-435C-AC40-175849285104"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*","matchCriteriaId":"67589F54-0A54-4DE7-9A47-A73DD05F7965"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*","matchCriteriaId":"DDC34C8E-1BB9-43CC-9D89-9E6DC435B7EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*","matchCriteriaId":"8BE5163E-9BCF-4BF8-BCB9-B48C4E7E1564"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*","matchCriteriaId":"92C5DC8C-3318-440B-8B29-4827F343927B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*","matchCriteriaId":"0ECC47D8-F602-4CEA-B19A-209CE76C9D36"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*","matchCriteriaId":"7514ADD3-DECC-4CC2-9421-A609E526FDC6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*","matchCriteriaId":"6ED2EC97-8B2D-47A9-8EC7-D1E0ACBB6C52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*","matchCriteriaId":"691097C3-F91B-499B-BAEB-4E7E9C43B517"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*","matchCriteriaId":"0B3DB1ED-017B-43EF-92A3-A8A88669FBC2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*","matchCriteriaId":"19A49AAF-0F08-4151-8F74-4EF9C3415B00"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*","matchCriteriaId":"3F7A2018-BB4D-4DC1-813D-A4AA3F270893"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*","matchCriteriaId":"A95D91C4-C539-4458-A6C9-8AE17207AE30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*","matchCriteriaId":"37F9D218-8198-42C7-88FE-7C5382138324"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*","matchCriteriaId":"CF8FDD81-95EE-4241-93C8-925085A4CE7B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*","matchCriteriaId":"614D9E35-10E0-4CCB-B817-C7C8C3947BE4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*","matchCriteriaId":"F75F987E-F4DB-46FF-B048-21B4A4C07B10"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*","matchCriteriaId":"05376F2C-30B6-406D-90F7-6C2E00E85171"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*","matchCriteriaId":"CCDD3DF6-24BF-4C13-8F07-AF07327E5622"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*","matchCriteriaId":"B1520A64-2157-45D7-A135-F900798C4EB5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*","matchCriteriaId":"05A30F85-5367-4369-B7A5-176D71279FC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*","matchCriteriaId":"B8803FF9-48D7-4AB0-8A17-4590CABD0BFD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*","matchCriteriaId":"1DC63B6B-5D6D-477B-9125-007F835981B4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*","matchCriteriaId":"BF385AC9-963E-4670-95A6-BE1EBC3890B7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*","matchCriteriaId":"943FA088-2902-45A9-A1BA-D612B46A50D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*","matchCriteriaId":"8C80902D-9A6C-47D4-B56F-35C378FC0E63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*","matchCriteriaId":"1100B46C-8485-4048-BFF8-2BAB311EC04A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*","matchCriteriaId":"4B9E1646-E154-41BA-B9FA-0839A898023D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*","matchCriteriaId":"03F4C8E6-0043-41A8-94EA-EEBAA1A081E7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*","matchCriteriaId":"31C10985-CBF7-4717-A7D6-2594887D7CB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*","matchCriteriaId":"8C49886C-B6A0-4D95-8533-329FE5A66F6B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*","matchCriteriaId":"0788CF23-3FAF-44C9-9AAA-96E4818A1AEC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*","matchCriteriaId":"24AF7001-64D1-4BFB-9280-0BA0FAD97A0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*","matchCriteriaId":"8C6E420E-16DA-4FB1-9968-C93E229614FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*","matchCriteriaId":"07469E04-B3D2-41FE-A2E4-E25A977026CD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*","matchCriteriaId":"60FF402E-5E4F-414A-A3AB-149548303616"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*","matchCriteriaId":"79E2B875-A270-45C0-A1B1-041264E5B290"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*","matchCriteriaId":"8C828C8C-7ECB-4167-87A9-0F522C400C66"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*","matchCriteriaId":"0C2C887F-1EF7-468A-A6AE-440793C78DAC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*","matchCriteriaId":"6F2F3D7F-D884-4ACD-A103-060F57A9867B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*","matchCriteriaId":"BD1FCAAD-7072-45EC-9ACB-08556458BAF6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*","matchCriteriaId":"C4446224-40E8-4AD0-8197-921D3473E19B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*","matchCriteriaId":"4EA159D9-8C7F-4BE5-9093-A21C7D00F7EA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*","matchCriteriaId":"B92B68FD-771A-4401-8B1D-B1A252356F62"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*","matchCriteriaId":"1B933941-0BE3-4EEB-8FDD-2DAA63343EE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*","matchCriteriaId":"8D060EF0-B29C-4B54-86A0-FD5CFF7B80BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*","matchCriteriaId":"36F737C1-6011-42D2-9690-CA81EA0A283C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*","matchCriteriaId":"19CA7EB6-D1C9-48D9-A69A-2618800A6CE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*","matchCriteriaId":"0CA1F3E5-ED7F-4E4C-AD0D-0EEC542A9E51"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*","matchCriteriaId":"ED6E3C9B-A661-4B37-B76D-A3F7BD638D4A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*","matchCriteriaId":"56C909B0-8FB2-4220-AF93-EECB8D650CC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*","matchCriteriaId":"FF36BAD0-A762-4F84-BE0B-060FE666ED67"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*","matchCriteriaId":"007337CD-94FB-4ED9-B4A3-9E0EC52D79B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*","matchCriteriaId":"BCDFA137-F1FC-46BD-9872-D62671B1434D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*","matchCriteriaId":"2E6DBCB3-E912-43A1-914B-5C7CCFAADE25"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*","matchCriteriaId":"0FCF36E2-0B42-4F23-97D6-9E79ECCA8FAD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*","matchCriteriaId":"E2C67312-E128-4833-A91E-D7A9F96A7AD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*","matchCriteriaId":"3F19F408-FABD-4A68-8CDC-C763F0321FB1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*","matchCriteriaId":"68A06EC2-E491-4CD5-9904-61A88EBB7FD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*","matchCriteriaId":"789A8CAE-8D9E-4244-880D-FBE28EC53AED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*","matchCriteriaId":"F901EE11-D0C9-46F6-8316-D8F4F1D50260"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*","matchCriteriaId":"E549F600-B9CE-4843-A772-2DACC528903E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*","matchCriteriaId":"3F28E733-87ED-4610-A8EE-BD37BED7685B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*","matchCriteriaId":"5DB488DD-D97C-4E21-A055-E6CECBBBC34E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*","matchCriteriaId":"9DC12C97-9966-40E2-8B23-B4453EC9EA6A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*","matchCriteriaId":"2832E8BF-7AC7-444C-B297-66F770860571"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*","matchCriteriaId":"44AA72FB-E78D-419E-AA82-B0538C6504D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*","matchCriteriaId":"687C3BF3-D71A-49AD-8A05-EAC07CBCD949"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*","matchCriteriaId":"90AF90D9-16C4-4F8A-9868-3E2823E3445C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*","matchCriteriaId":"3C063C53-8970-45B1-85F8-FB2080BF4695"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*","matchCriteriaId":"64596ED7-794A-4D23-987B-D9AD59D48EA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*","matchCriteriaId":"C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*","matchCriteriaId":"3FDA48F0-0F35-4A8F-8117-B0B28E00AB95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*","matchCriteriaId":"A561A8E8-79E2-4071-B57D-590C22EF86A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*","matchCriteriaId":"92E46658-60AB-4758-9236-3AC0E6464383"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*","matchCriteriaId":"207B8FBA-E2FF-485A-9AD9-E604AE0FB903"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*","matchCriteriaId":"33F99640-C753-40BE-A0A1-4C2D92E7DB09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*","matchCriteriaId":"6F98247B-1839-4676-855B-827A4B6C016B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FDBA35BD-1048-4B6E-96B2-1CFF615EB49A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*","matchCriteriaId":"E6CEEEE2-D6A2-4342-8A73-934093948824"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"979FEE9F-A957-43B6-BB6D-1A851D6FA11C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7AF59D-D05E-47F9-B493-B5CD6781FDDD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF7EC93-0170-45A9-86C7-5460320B2AE9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"A8A7B1C2-D2CE-485A-9376-27E14F3FA05A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*","matchCriteriaId":"B5F803AC-DCC7-43FC-BEB3-AA7984E0506C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"560993AA-299D-42B7-B77F-1BD0D2114CCB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"1C582B1C-1DAC-48FD-82DD-7334C10A2175"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*","matchCriteriaId":"D7862B0C-2C44-4110-A62A-083116129612"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"048C5996-F719-4338-B148-0DD1C13E02FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"4B9FF7FB-AB5A-4549-8C15-E69458C649E2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"1CEF6608-B650-4C77-9823-0AD57B3484F1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"4BE6A2D7-901C-45F9-B487-D674047D522E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*","matchCriteriaId":"DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"1ADCB509-5B0E-4592-8B23-EC25A3F79D41"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"FB51691F-089F-4016-B25E-238074B06C0D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"EBAAC728-6A0F-4675-9677-AAF7DD5D38ED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"7EA37503-FD3D-4220-933C-234631D6EDEF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*","matchCriteriaId":"72992831-2A76-456B-A80C-944BDD8591E4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"A79C2131-5566-4CC2-B6ED-38E3F6964500"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*","matchCriteriaId":"60BFDAA6-3DFC-4908-BC33-B05BAB462F94"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"B6266056-770A-4E2D-A4FC-F1475257648E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"929AA8F3-8BDF-4614-9806-6D4231735616"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"605D7552-8184-4B11-96FD-FE501A6C97DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"3144BBDE-CC96-4408-AA02-ECC3BF902A34"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8BA77A-34E3-4B9E-822A-7B7A90D35790"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"E7165B43-ED22-4714-8FA4-1E201D1BFA69"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"67CFB133-FAF0-431A-9765-8A9738D6D87C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*","matchCriteriaId":"2975B0F2-DB7C-4257-985A-482ED2725883"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"70221E07-3C2E-4A82-8259-AD583EB5CDDD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"427DFD78-56CD-43C4-948E-F53AF9D669F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"75AD7649-3FEA-4971-9886-6C9312B937A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"B4EE972C-6BAE-4342-BA01-1D685487F9C3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"27CDFE3B-C064-49A9-BD43-3F7612257A74"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*","matchCriteriaId":"3BD0EEC1-D695-41A5-8CD6-9E987A547CC4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"4DBF25B8-D474-4C6B-8E45-F57DDC7074E7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"3DF18FD1-6670-4C3C-8000-A079C69D575E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"921EB5A5-F911-4FCE-A6F1-C66818B34678"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"13878C13-1C7C-4B83-AF27-4998E8F659DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*","matchCriteriaId":"023063E1-2DD7-487C-A8A7-939FAEE666A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"77255CE6-D7B7-4B48-993C-7100A1170BC6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"B40AC368-3A14-4EFF-A8D0-7EFB4C83045D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"C07E80D5-70A5-49C9-9044-D683C7ECCFF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"63668AF4-F29C-4424-8EC5-2F0A5950DD58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*","matchCriteriaId":"E86616FE-0C3F-4984-A364-8A6A9F01DAD1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"09C1C7CD-538D-4D7A-A81C-10DF5376A479"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"5922F749-2B23-44B8-8A46-F31BCAEAD279"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"2C48BBAF-6B27-43D6-B86B-40CD8E7BA056"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"D75D0EEB-707C-4C86-A569-E91E9F00BA77"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"F0FB0E20-0243-40A1-8DEF-37150791222E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"68CFF26D-8AD3-4179-9E4C-F06D7C858C9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"7541572C-229F-4963-B7F0-06EB3323E53B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*","matchCriteriaId":"85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"479F7C77-D16F-4E40-9026-3EB8422E0401"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"04DB08C8-0018-4A8E-A206-097BDDF83B08"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"B7193E85-30BE-42D5-A26B-3F88817F3574"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"446E8515-45FC-4B8B-8D12-60643D64C07F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"EBBDF6B2-D388-4639-87D8-064AA3F6B6FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"00AAB8B6-B614-4EAA-BA90-C5326CB5D07A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"2A371DF9-E224-404F-99C2-C2A4607E62D8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"0F40E356-365D-44B7-8C38-A0C89DDD6D3E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"A3132029-89F8-4359-A0DC-A275785266A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"B02F5685-0636-48AB-B222-434CA1F3B336"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*","matchCriteriaId":"3ED4693C-DECF-4434-90C0-56158F102E7E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"BB408A6B-0842-43DA-9180-B0A299FCBCE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"6215EBAC-7C75-4647-9970-482120897F1F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"3B1BD2B6-1AF6-4AD4-94FA-94B453A21908"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"8D1FD6E8-80EC-461F-9ED1-CE5912399E80"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"E96F585E-BDEF-45EE-B0AB-94FE23753AC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*","matchCriteriaId":"3279C067-3058-4D46-A739-05404FD0E9B5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*","matchCriteriaId":"DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*","matchCriteriaId":"C0855225-F501-486A-BD03-2A86FD252B5A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*","matchCriteriaId":"214C7B0C-C438-4000-9F9B-6D83294243AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*","matchCriteriaId":"4C91AA2E-4BB2-49C8-9364-4E363DF42CB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*","matchCriteriaId":"DA26781F-5A1C-4DA5-835E-D984D697F22B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*","matchCriteriaId":"2EEA4222-F25D-4457-80AA-6D05CA918D68"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*","matchCriteriaId":"9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*","matchCriteriaId":"F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*","matchCriteriaId":"6777AC35-9D1F-4153-94AC-B25627D730E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*","matchCriteriaId":"A5F063F4-8994-4E46-BA7B-A12A112009BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*","matchCriteriaId":"4D6F2DE5-AF11-439A-8D37-30CB882ECD58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*","matchCriteriaId":"E213DD86-5419-42C8-BF38-7795DDB3C582"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*","matchCriteriaId":"A972291E-5231-439D-873B-2F87BCAF800A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*","matchCriteriaId":"C089CC54-3229-43D7-AA15-73CFA1A43EE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*","matchCriteriaId":"EF268D83-C15D-4559-A46F-844E1D9264F0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*","matchCriteriaId":"CFE97C0D-3EA1-4314-A74A-7845C7778FB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*","matchCriteriaId":"34293F29-F327-4ADD-BF62-78F63F79BB96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*","matchCriteriaId":"528C0A46-1CC4-4882-985A-0BB41525BC6B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*","matchCriteriaId":"643F3522-A452-4927-944D-532574EC4243"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*","matchCriteriaId":"58F40B78-4DBA-44EE-8420-086789EFF53D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*","matchCriteriaId":"423BFD8F-4B50-43DA-9979-75FD18FBC953"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*","matchCriteriaId":"8BAD4A68-0481-476F-BBBD-3D515331368C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*","matchCriteriaId":"838CEB7C-7C4C-416C-86CE-6E8DD47EF25B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*","matchCriteriaId":"CC7D021F-3C97-45B3-B1F7-0AC26959F22B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*","matchCriteriaId":"4A31AEF3-448D-417B-9589-4BA0A06F2FE8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*","matchCriteriaId":"F7A1D96F-7FFD-413F-ABCE-4530C3D63040"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*","matchCriteriaId":"FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*","matchCriteriaId":"4B8343FE-1320-40AE-A37F-70EF1A4AC4B7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*","matchCriteriaId":"CD42BA5A-7DA0-409D-8685-E43CF9B61D9F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*","matchCriteriaId":"A5FF80E9-CF28-4EF6-9CFE-4B500A434674"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*","matchCriteriaId":"7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*","matchCriteriaId":"647B77A4-2F49-4989-AF43-961D69037370"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*","matchCriteriaId":"805B1E33-F279-4303-9DF3-C81039A40C1C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*","matchCriteriaId":"B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*","matchCriteriaId":"DE7E0AAE-6539-4024-9055-BE0BAD702143"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*","matchCriteriaId":"7F1A8828-0765-4799-AD6C-143F45FAAD23"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*","matchCriteriaId":"12D34618-1CCA-405B-A49C-EB384A09C2C6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*","matchCriteriaId":"575D6061-66BC-4862-BC84-ECD82D436E2A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*","matchCriteriaId":"56B6EE64-1AD4-46B2-BA65-BB6282E56EB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*","matchCriteriaId":"11650B45-0BDA-42BF-AEF3-83B48DD6A71D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*","matchCriteriaId":"BD3C92BA-827B-48AF-BBB3-FB60A9053C22"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*","matchCriteriaId":"AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*","matchCriteriaId":"5EB44CA7-DFE6-4B1A-9A63-97AE30017E49"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*","matchCriteriaId":"4B305EFA-6226-412C-90EE-F0691F2DDDE0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*","matchCriteriaId":"7F3874FA-63CB-4B5D-8B64-CE920320A4E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*","matchCriteriaId":"0800ED17-50E4-43F3-B46C-591DFA818BA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*","matchCriteriaId":"A46B0405-F301-4209-8766-6E12EAFAD157"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*","matchCriteriaId":"F99F9F1F-A967-4884-96CF-4488102DC0A2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*","matchCriteriaId":"DA9B37AD-4599-425B-B39F-E571F4975266"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*","matchCriteriaId":"C5A5F1CF-A1E6-45F1-8B09-36566778DB57"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*","matchCriteriaId":"698C8A49-888B-4675-B3B0-25EDE2FD515E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*","matchCriteriaId":"70D98F97-8EF4-48B5-84BE-C3CC27031FDA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*","matchCriteriaId":"B473D1FA-909B-492E-9C5B-94B0E20E1C0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*","matchCriteriaId":"BFD5EA7E-322E-4CE6-89D4-7DB1055C9034"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*","matchCriteriaId":"67836379-4E1A-45CD-9506-7D3F612E47C8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*","matchCriteriaId":"5B1BBC61-8664-4452-93A7-DDB4D2E4C802"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*","matchCriteriaId":"C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*","matchCriteriaId":"044F0375-DF2F-4D9B-AD7E-473D34165E8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*","matchCriteriaId":"2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*","matchCriteriaId":"4A0655CA-A88C-4632-9A18-560E3F63B2F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*","matchCriteriaId":"8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*","matchCriteriaId":"C6965851-3B29-4C21-9556-97FD731EAA85"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*","matchCriteriaId":"52984FD2-44E0-4E91-B290-0376737EEF6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*","matchCriteriaId":"4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*","matchCriteriaId":"DF933366-7503-4F8D-B7AA-F6A16210EC37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*","matchCriteriaId":"4E2DAF5D-5BB7-49C6-8426-8B547505B6FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*","matchCriteriaId":"3EABB21D-D021-434B-B147-CAF687097A5B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*","matchCriteriaId":"7609424D-95F1-4493-A20C-B1BA4EC6439D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*","matchCriteriaId":"966DC636-C802-4D9F-8162-652AFB931203"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*","matchCriteriaId":"A75794EB-A5AF-43F0-985F-D9E36F04C6D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*","matchCriteriaId":"31C2CFF0-98FD-4A0D-8949-D554B2FE53D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*","matchCriteriaId":"05F9217F-5028-4659-AA8E-F60548DE4D52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*","matchCriteriaId":"4AC769DC-CF2E-4A3C-A610-264F024E6279"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*","matchCriteriaId":"9B2B1CBF-D155-49BC-81A4-4172F177A5C2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*","matchCriteriaId":"370B2B32-519E-4373-8A04-5C5025D688BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*","matchCriteriaId":"83D9B562-C279-4A55-A347-F28FC4F9CD12"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*","matchCriteriaId":"2A8C2BA0-48A8-4107-8681-A7C34C553D8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*","matchCriteriaId":"B1B009DE-A82F-4569-9B42-EC1EC4DA8A40"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*","matchCriteriaId":"683B6E83-37FF-4F9B-915F-059EBB29DB53"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*","matchCriteriaId":"E218718F-4BE6-48B0-A204-9DD4A932A654"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*","matchCriteriaId":"FB0AB327-B60A-473C-9D36-97766EE62D7D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA249EE-4786-4E27-8787-5E8B88C2AEB9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"CEBD0529-1CF3-44E5-85B3-19A3323C9493"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"D664EE97-07EC-410F-94C3-AEAB2C6A627D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*","matchCriteriaId":"D31DB981-03B1-4A84-8D87-CD407C3C149F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"0CBD155D-89D9-4677-A621-4D7613BE65C6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"D02BD0D4-FFFD-4355-97D8-170362F10B9F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"6635781A-2651-4EF2-A5AC-AEEEE63FDE6D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"8DCE6930-760A-48C0-B964-1E3ED6A8517C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"9E52DE90-DF96-4CE7-B8D1-226BA50E4D09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*","matchCriteriaId":"C8EB40E7-9B91-4106-B303-2B70AF395BFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"EAB0D5CD-8AF3-409D-96A7-718641D4B90D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"6E420B0B-0CD5-41C7-B25A-3DB856055F9E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"8B0C295B-0D63-4BE7-830D-D927E00C301C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*","matchCriteriaId":"605C340D-2220-4669-B827-9009CB099E8B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"8791879D-2908-4F57-8DB3-6D24100A9108"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"E823DC5B-98BE-4656-BFBF-3A7018F8F213"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"64E8D558-ADE0-4358-9C76-7BD77BF23AA1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"7973B3D0-F244-4E26-88F5-A2D9BF2E4503"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*","matchCriteriaId":"68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*","matchCriteriaId":"3F5CB567-4F86-4466-BE4D-BFF557ACAE0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"8A52611B-6583-4660-90D7-C9472728072B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"E80C6E89-B57C-47BB-8B95-50C03DFB3B96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*","matchCriteriaId":"A9AB685B-FEE1-41EF-A046-1B34619E12A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"DB9F6724-967A-4AF0-9896-12BF6164B2CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"FC1116BF-12D7-47CC-98DB-18B200CF9C16"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*","matchCriteriaId":"9FBB28DE-726B-4AF0-88A5-35987E1E648B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*","matchCriteriaId":"1880E2B8-5E0E-4603-8D17-3ABA43D28179"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"2FAFBB92-1917-4238-832B-195FBE418271"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"91DFDF3F-9A3F-42B8-99A1-A3F76B198358"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*","matchCriteriaId":"8778F972-BF34-482F-9FA7-71A77F6138E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"8F288BB0-FE7A-4900-B227-BE80E4F4AADF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*","matchCriteriaId":"3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"57E16338-A094-4CA9-B77F-6FE42D3B422C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"4E07AB33-5351-487D-9602-495489C7C0B8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*","matchCriteriaId":"22115ED6-1707-4840-B0D1-AD36BC0C75A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"C7C633BC-831F-4CB7-9D62-16693444B216"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*","matchCriteriaId":"9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"6DD501E1-E78F-44C6-8A13-C29337B07EBE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*","matchCriteriaId":"9085BA0B-B7E2-4908-90C0-B4183891C718"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*","matchCriteriaId":"81971C2F-137A-4F11-8C93-3B99D4CD1B58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"98E0BDAC-398E-406B-B2DB-AE049D6E98B1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*","matchCriteriaId":"FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"86AFDE6C-DE58-4C4D-882E-474EF6C3D934"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*","matchCriteriaId":"950C6BF9-AA47-4287-AC01-D183237490FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"2355181D-D8EE-4F80-8280-13D5CBCF4779"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"5209343F-66B0-4DC0-9111-E2E64CFF7409"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"720109A6-B79E-48E1-9AE7-7708B154788E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"82FF0DBD-AE13-4232-80F7-F4C2E2CC9721"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"E5E944ED-8C02-46B8-BF95-0CE4C352753B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*","matchCriteriaId":"77AEA3D1-4846-46E2-9B80-20B19F00DC11"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"1576978F-E93D-4A47-90B6-6A4E3A7DE558"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"0D339FE5-001F-4005-88A5-CFFE37F9B63E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"1BDABA86-497E-497E-A5BA-46F913A4840A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"DD886F4C-DB6F-4DDD-9807-8BCBB625C226"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"F4C454B7-E5F4-4AAE-B577-FD71FA002C8A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*","matchCriteriaId":"38BE2781-3A06-4D62-AC8B-68B721DA526B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"2DA23772-2EB8-4BEE-8703-26D967EC4503"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"72DC766A-B1F9-4B83-9F9B-CF603EE476BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"EA594740-43C5-4F42-BA5B-00CA8AE7BB60"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"572B16E2-8118-43A0-9A80-5D96831D55FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"9FB5C551-BADC-4A3A-93E5-2EBCA0704C51"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"5383B7A3-1569-4FEB-B299-B87CE8C8A87B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"A05BBDE0-6C47-4489-9455-7DA7D230ECA1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*","matchCriteriaId":"1789AA69-EA31-44D1-82E6-228E48E18586"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"B4A7D5FF-3B1F-4C64-BB81-7A349765520D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"0F0498B3-393A-4C32-B338-E6014B956755"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*","matchCriteriaId":"C451F752-6869-4AFA-BAE5-5C9A54427BF2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"83710FD1-099B-436D-9640-061D515E10BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"517B71CE-6156-40E1-B068-A2B733E205E3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"11DEEEE5-5055-4CE1-962C-C5F075F4CC02"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*","matchCriteriaId":"8718DDAB-3208-48CF-9BCE-54DA1257C16A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FE1AA901-E822-4240-9D82-C9311E4F87B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"C1CDE3DF-8E79-4997-94EB-B517FFCAE55C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"12A0DE13-EB0B-493B-BC84-3AEB3D454776"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*","matchCriteriaId":"1727697B-1F59-4E29-B036-C32E9076C523"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"E69E827C-C0D0-46C7-913A-1C1E02CEAACE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"2528F3F9-34DC-41DA-8926-382CB3EF5560"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"E452C262-5A8D-4D97-BC7F-A4F5FF53A659"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*","matchCriteriaId":"9D57BF69-D750-4278-98AA-976B0D28E347"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"76ADAE30-6CAD-4F5B-B6F7-C18953144C63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"8A25D792-E21D-43EE-8B9D-67DE066DE5DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"2C669783-C058-4B4F-BB9A-84B2C4682247"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*","matchCriteriaId":"159B088B-9A85-4CAA-854A-AA080E528F95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FBE74A94-FE8F-4749-A35A-AB7D57E24913"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"990AC341-0E67-4A81-87E9-EE3EFD9E847E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"53BC18B0-58F1-4477-9978-CA7383C197FB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*","matchCriteriaId":"474992FB-842D-4661-A565-44AF2CD78693"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"476E1B79-5342-4895-96D7-E97DFC1F5334"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"EBD318D5-89A6-4E28-939C-C5B61396806B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*","matchCriteriaId":"A32C7E89-32ED-4328-9313-FA7D3DDBDC58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"2792EED8-2CBD-478E-BC09-05FE830B3147"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"97B1AF2F-6E48-4DBD-A60E-3088CA4C3771"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*","matchCriteriaId":"34E1691D-65B3-45E4-A544-8B29E38D569D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*","matchCriteriaId":"E42F2703-B8AB-410E-AF7B-CD0BE777F061"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*","matchCriteriaId":"31244C94-00A3-499C-A91A-1BEF2FB0E6B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*","matchCriteriaId":"878FF6E8-8A6D-44CE-9DD1-2C912AB8A193"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*","matchCriteriaId":"5078A95B-2BD8-4A37-A356-F53D1A53CB37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*","matchCriteriaId":"0BFE67CD-DE53-4C4E-8245-35902AEFA6E8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*","matchCriteriaId":"9F231D31-3AAD-4C5D-A225-D2DF94486718"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*","matchCriteriaId":"5998DF5D-E785-45EC-B8D0-1F4EC4F96D50"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*","matchCriteriaId":"EADFD013-0BFB-427C-98E6-F9E4774DCBC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*","matchCriteriaId":"58620B10-FEA6-456D-B6B5-2745F5DBE82D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*","matchCriteriaId":"E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*","matchCriteriaId":"4858A1F0-97F2-4258-AB98-027BF1EC5117"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*","matchCriteriaId":"3C961A8B-EAFD-4F66-9432-BCC0D154ECCE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*","matchCriteriaId":"052DE6CD-A1E7-4E81-B476-66EF451061C4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*","matchCriteriaId":"3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*","matchCriteriaId":"751B3AC8-D45E-46B6-83D5-311B693F3C0D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*","matchCriteriaId":"9588277A-0B97-4408-9CF7-11271CDAADD6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*","matchCriteriaId":"479FE854-85E5-4ED0-BFAF-2618C9053082"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*","matchCriteriaId":"E048B9BF-77C8-49F7-9F2D-9999F79BA264"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*","matchCriteriaId":"6CD16D4D-E816-486D-96F4-5A2BF75B959F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*","matchCriteriaId":"169C558E-1A83-47D5-A66B-035BD1DD56FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*","matchCriteriaId":"D683E509-3FB2-4175-BCAB-4EB1B5C04958"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*","matchCriteriaId":"6FCFA915-5445-4732-9F8F-D7561BA4177F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*","matchCriteriaId":"63A9FD98-C22D-48F6-87A1-60791C818A1E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*","matchCriteriaId":"85F99F24-1783-4E6E-BE61-04C2E80356ED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*","matchCriteriaId":"74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*","matchCriteriaId":"85289E4C-C813-4677-867D-EE8E98F4A1A3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*","matchCriteriaId":"27C8150F-BEFA-406D-9F0D-E7CB187E26AB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*","matchCriteriaId":"1E807F90-819F-4103-B1F7-4CE46971BD63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*","matchCriteriaId":"CD93203F-71B9-4F87-B5D8-FD273451C8A2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*","matchCriteriaId":"1E652C74-C48D-4F29-9E85-09325632443F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*","matchCriteriaId":"99158191-3013-4182-8A53-5DFCA1E2C60A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*","matchCriteriaId":"F7E39A3E-7EAE-47C9-930B-58A980B73FC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*","matchCriteriaId":"FFDA54BA-C00D-4890-9B7F-328257607B21"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*","matchCriteriaId":"1F5EFB1E-334C-4B55-8E2E-6AE19B34774D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*","matchCriteriaId":"B8260DCA-2F0C-45F7-B35F-D489AF5639F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*","matchCriteriaId":"7778F81B-6D05-4666-B1D4-53DB0EC16858"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*","matchCriteriaId":"5DC6706A-61F7-4AA0-B2FF-0FFDF739A644"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*","matchCriteriaId":"7EF1B16B-02F2-4ECA-938E-B5CDCFC67816"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*","matchCriteriaId":"3C5501D8-1B0D-4F5A-AFD7-C63181D3281F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*","matchCriteriaId":"1751F0CE-A0D3-40E2-8EEC-D31141FE33A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*","matchCriteriaId":"5FF9AFA7-BBE8-4229-94CB-5A9596728BA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*","matchCriteriaId":"E23A777F-68A4-4217-A75A-4D8A27E6451A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*","matchCriteriaId":"2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*","matchCriteriaId":"392A4337-11F6-4980-A138-4FDBCAD0EBA4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*","matchCriteriaId":"E2E9BB67-F1FF-4190-889F-78B965CCE934"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*","matchCriteriaId":"F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*","matchCriteriaId":"35607317-0928-4297-A33E-D44BEE1BBEC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*","matchCriteriaId":"D48323B1-7FEB-451F-A064-23E7CE7F6403"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*","matchCriteriaId":"29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*","matchCriteriaId":"F5763189-7980-4A72-92C9-1908FE9E15EF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*","matchCriteriaId":"C53ACD49-DA21-4DDE-A0AA-FCCD59D29886"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*","matchCriteriaId":"4326D350-EBC2-48E6-A2C6-0499F6826CEE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*","matchCriteriaId":"8594E6FE-B6DB-4343-B3DD-AEC19923DAF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*","matchCriteriaId":"5BCADA00-E453-414D-9933-FCB43D21BBC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*","matchCriteriaId":"E62212D9-F707-4A8E-AB2A-A3985E7A4049"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*","matchCriteriaId":"561755A8-8AAD-4F41-8266-747EFDAF2D55"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*","matchCriteriaId":"E6F4BB0F-DAF4-479B-B78A-7929C151AA1B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*","matchCriteriaId":"A207312E-1D35-4464-A111-22C4C793E146"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*","matchCriteriaId":"E9B16E32-07D5-445B-BAA5-4E4A0881BFC1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*","matchCriteriaId":"7CF08F6B-2ECB-414C-82D7-C06085BF8B10"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*","matchCriteriaId":"21032BE3-74D8-4C3F-B461-158F475B6853"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*","matchCriteriaId":"2F9AC992-59B7-44EE-9FF3-567AC48938AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*","matchCriteriaId":"B44B3BFF-649A-4C1E-9564-EFA007FA2BD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*","matchCriteriaId":"C04EDD71-15B3-4085-828C-BB7A43DBDCC0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*","matchCriteriaId":"CC1BA7AC-989B-4093-841A-C6D5978BF17F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*","matchCriteriaId":"1874F848-B15B-4369-A164-5FA11D2B9AFE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*","matchCriteriaId":"9E46F934-9765-43ED-88A7-A4778C99A976"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*","matchCriteriaId":"380A8F4F-7D1F-4F79-B555-E5AE18EF9F5F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*","matchCriteriaId":"E8D5217E-9520-4FDB-9330-C8DC2CDDAA70"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*","matchCriteriaId":"B206674F-1A34-470B-820C-05F9C37792CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*","matchCriteriaId":"63AE2051-9F8E-4477-8E1E-38A1E06AD247"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*","matchCriteriaId":"6B39281F-990C-4AA3-9287-CCB5BA7E8AC8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*","matchCriteriaId":"3EDC0FCF-BD22-42AD-8044-9A64215B91CA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*","matchCriteriaId":"7E0ED8AA-56D8-4CB6-A765-706BE87C9E30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*","matchCriteriaId":"AA890C07-7940-4DF4-96FB-8F71A2EFE5C0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*","matchCriteriaId":"E95A34F0-0B74-4031-BC9E-CBC93665BE68"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*","matchCriteriaId":"4CD3CF38-0DDD-4C1C-B420-4DE0B1C932CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*","matchCriteriaId":"0BB22DF7-15CE-4340-A05F-BD39FCA41F50"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*","matchCriteriaId":"7BA72DC8-2E4E-453A-A3FB-20F31D32B973"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*","matchCriteriaId":"758E45B6-7C7A-432D-891D-CB99077AE3B5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*","matchCriteriaId":"06B3CDFF-B055-4BB4-98FB-DFF4B2E63A29"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*","matchCriteriaId":"26D7A401-BCE1-4673-93C9-67F009B75A39"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*","matchCriteriaId":"6E62119B-2A65-4473-B570-F118614B0ED6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*","matchCriteriaId":"5E5319E0-909C-4688-AAA6-6A0B5D19FFDF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*","matchCriteriaId":"8F83F9F9-D2DB-4D40-AD61-29E66B050B45"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*","matchCriteriaId":"91BE6238-312E-4CF7-9E74-48CB5603B0FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*","matchCriteriaId":"AC09EB6D-7FAC-4B61-83A5-B0DC18D54EB3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*","matchCriteriaId":"33BA1BE0-0A78-4E94-A619-35735C913180"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*","matchCriteriaId":"3FDD838C-8037-49E1-BAB4-C1D7D29BB9D5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*","matchCriteriaId":"24CA40FE-80C5-4A20-8219-CEF51F3162FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*","matchCriteriaId":"B10305C5-0C2C-48B7-A0AD-2B24AD722EBC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*","matchCriteriaId":"33E8F127-6EAE-4302-BD52-7C3FCCA307D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*","matchCriteriaId":"8D675EA9-33E7-45ED-B6A9-7117AD2FEE26"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*","matchCriteriaId":"F6E468FE-73BE-4B20-B774-58EC7CD20CDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*","matchCriteriaId":"0FF6B19B-7D45-44B3-8524-407253B93EEE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*","matchCriteriaId":"2B803FAD-E54D-49FE-A078-029B8FFBBB98"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*","matchCriteriaId":"CC511505-ED67-45B4-B76C-56AB750C4408"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*","matchCriteriaId":"A430C232-79EB-4264-AE24-41D4A2A5D990"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*","matchCriteriaId":"3A9E3D4B-A3DF-4858-8C64-0316B6E57435"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*","matchCriteriaId":"19108672-E1AA-41CC-B86C-061D3721C8B8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*","matchCriteriaId":"200D36CF-AEDE-4183-8C54-748E6E5A3218"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*","matchCriteriaId":"4CF13A44-5163-4282-8EE8-7DC05499B5E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*","matchCriteriaId":"827C12CE-D87D-489D-ABA7-BE0405EC33D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*","matchCriteriaId":"16AA78F7-520B-4FFC-838C-DC74FEE8E13F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*","matchCriteriaId":"8CB2949C-4699-49EF-83EB-31199E0CE2DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*","matchCriteriaId":"66C169DC-EEFE-4DE6-A3D0-65B606527240"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*","matchCriteriaId":"FD28227A-8888-43B2-BC41-8D54B49DA58C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*","matchCriteriaId":"7984BAEA-4518-4E17-830E-B34D09648BD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*","matchCriteriaId":"2C2214E5-491E-448F-A4B6-A497FB44D722"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*","matchCriteriaId":"2AE93013-C262-46A5-8E77-D647881EE632"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*","matchCriteriaId":"85B53CEC-943F-4966-8EC1-CB2C6AD6A15B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*","matchCriteriaId":"EEAC04A3-EBE3-406B-B784-A3547162ECE4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*","matchCriteriaId":"15720FFE-B2A4-4347-BCD7-DFA6774C0B8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*","matchCriteriaId":"50F46B0E-C746-44B4-B343-E3DCAB4B98DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*","matchCriteriaId":"5AE30903-4F75-4D71-A8BB-44D1099E9837"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*","matchCriteriaId":"98311EAA-26C8-4092-8BE5-4E7BEAA68DD4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*","matchCriteriaId":"DB8CF348-811C-4342-ACB9-AFCABCC34331"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*","matchCriteriaId":"71998EC5-EC0F-496C-B658-3CD91D824944"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*","matchCriteriaId":"A1F19B2A-E7A1-4B97-AC40-02B0D3673555"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*","matchCriteriaId":"CB6387C9-C0A8-4B26-BC62-802775CD0AD3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*","matchCriteriaId":"EFEB0164-77C2-4EC2-92FD-5FCE246119CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*","matchCriteriaId":"FDB20210-337C-4220-8CA1-F4B2BC54EBC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*","matchCriteriaId":"F699569F-4F52-4CC0-90D9-CC4CBC32428A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*","matchCriteriaId":"CBAED22B-D097-49C4-ADDF-4B3F3E1262D6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*","matchCriteriaId":"ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*","matchCriteriaId":"7756B588-5A63-4508-8BDD-92DB8CB0F4AD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*","matchCriteriaId":"316E26AE-67A5-4E75-8F9B-ECF4A03AED51"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","matchCriteriaId":"CB66DB75-2B16-4EBF-9B93-CE49D8086E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*","matchCriteriaId":"588D4F37-0A56-47A4-B710-4D5F3D214FB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","matchCriteriaId":"9070C9D8-A14A-467F-8253-33B966C16886"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:local_service_management_system:13.1:*:*:*:*:*:*:*","matchCriteriaId":"668E2252-2290-41B5-95AB-95FB6092FF8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:local_service_management_system:13.2:*:*:*:*:*:*:*","matchCriteriaId":"DBD9A6A2-3AE0-46A5-A953-1ADC280C16E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:local_service_management_system:13.3:*:*:*:*:*:*:*","matchCriteriaId":"7511381A-142F-4EC4-9399-86BA8218A6AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*","matchCriteriaId":"964B57CD-CB8A-4520-B358-1C93EC5EF2DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","matchCriteriaId":"79A602C5-61FE-47BA-9786-F045B6C6DBA8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1","versionEndExcluding":"1.1.7-6941-1","matchCriteriaId":"521AB96C-3C60-44E1-935E-C6037343A3DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*","matchCriteriaId":"7C997777-BE79-4F77-90D7-E1A71D474D88"},{"vulnerable":true,"criteria":"cpe:2.3:a:synology:virtual_machine_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2-23739","matchCriteriaId":"2F53AB67-1CFA-467B-B2B1-D2447886FECE"},{"vulnerable":true,"criteria":"cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.2.2-24922","matchCriteriaId":"4FB76C76-94F1-4109-9BA0-2390112816B3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D0C5120-B961-440F-B454-584BC54B549C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*","matchCriteriaId":"1CCBDFF9-AF42-4681-879B-CF789EBAD130"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:synology:vs360hd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"66FC24F8-1B82-40EC-856A-2EA1736FFE5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:synology:vs360hd:-:*:*:*:*:*:*:*","matchCriteriaId":"C8E2100A-F6C2-4B86-A4D0-08D998BEC86B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","matchCriteriaId":"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp2:*:*:*:*:*:*","matchCriteriaId":"3C04C1B2-B0C7-402D-B79E-B0157E011B28"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp3:*:*:*:*:*:*","matchCriteriaId":"E6334AF0-79FD-444D-BD41-DC8BF90A4109"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*","matchCriteriaId":"41E76620-EC14-4D2B-828F-53F26DEA5DDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:*:*","matchCriteriaId":"5A7ED7DD-A7D2-4A71-8415-26103530AB2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*","matchCriteriaId":"CE80FF2C-0075-4F00-938F-C2C267E950D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*","matchCriteriaId":"CEF98D6C-3C80-4A42-B14B-22D69BC1F4C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*","matchCriteriaId":"50E90625-DEB3-49D3-89B6-E9EEFFABD975"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*","matchCriteriaId":"6E24E90D-6E89-439A-8418-440910C3F07C"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*","matchCriteriaId":"33AFC27C-16AF-4742-9891-2240A73C6602"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93C10475-AE35-4134-BB87-45544A62C942"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*","matchCriteriaId":"044039A3-2AC7-4685-B671-C9B9FFD4ED6E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"477B6938-2314-487E-BB35-354B335AC642"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*","matchCriteriaId":"AE2F2C6D-3F41-4C42-81E2-01A52AD035B8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a8_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D44EBD85-6140-41CD-8D26-29554CD2FBA7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a8:-:*:*:*:*:*:*:*","matchCriteriaId":"87BC54A8-6CF9-453F-9008-72CBA8C62BC4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a9_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"17DD7CB1-76E8-41C3-86B8-E43ECBB5E6CB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a9:-:*:*:*:*:*:*:*","matchCriteriaId":"4437E468-F93D-4CE3-A156-06F631030A41"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a12_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"03311F2A-30E6-474E-824A-281ED3DE86AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a12:-:*:*:*:*:*:*:*","matchCriteriaId":"40B4D5CE-8DC1-4300-BCF0-71CFB4331B71"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a15_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23EADA1F-73E8-4E70-AF90-CE8D26552687"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a15:-:*:*:*:*:*:*:*","matchCriteriaId":"F8FDE279-49C3-452A-B9B0-36199C221F95"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a17_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D591F3BE-13BB-4006-BE46-E975779DE5E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a17:-:*:*:*:*:*:*:*","matchCriteriaId":"5D90DFDC-0B90-4431-9A23-194A5BC651F2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"68D895EC-B0A9-4292-AC64-60673F72C765"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*","matchCriteriaId":"B00CD88D-5649-403F-A55A-BD49427D30FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"38768B2B-F1A3-4A76-8716-9520CA075F3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*","matchCriteriaId":"16E23102-964E-485D-8EFF-4B1BBFE6EDE4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7173A6DC-4D4E-424C-A922-C16D67627834"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*","matchCriteriaId":"33B1374D-59E8-4FE5-AC6C-0323AB1DD60D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*","matchCriteriaId":"7C1DF922-1F46-41A6-A367-E56DD8C4163D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08CC4E5E-2794-4893-9B45-E14A3F4CF159"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*","matchCriteriaId":"9E4FCA77-71D3-495E-BA2A-2953369E5DCC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pepperl-fuchs:visunet_rm_shell:-:*:*:*:*:*:*:*","matchCriteriaId":"F926EFFA-6C44-4D99-B1EB-C9EAB63B6768"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:pepperl-fuchs:btc12_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D1F44360-2B5D-4154-9D58-8ACEEF99DF15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:pepperl-fuchs:btc12:-:*:*:*:*:*:*:*","matchCriteriaId":"1574ACD1-F5EC-47C9-97C5-A456E2C1D7F6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:pepperl-fuchs:btc14_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5DD89499-E4BE-4ACD-878C-06EB2BD59FC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:pepperl-fuchs:btc14:-:*:*:*:*:*:*:*","matchCriteriaId":"9111BA3B-6A12-4974-9B94-548F6968BB8C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*","matchCriteriaId":"8A6E548F-62E9-40CB-85DA-FDAA0F0096C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AAAE5EC4-9BB6-42EB-9B20-9CC3FADB1C8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"D74B2ACC-6043-40F3-AAEC-BAEC804C7C65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc12_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ABE50478-AEA1-4DE3-9032-289DC6955634"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc12_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"8EDAE7D8-7902-46C6-AE2B-8AA76E84417F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc15_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F5D8E919-CFBD-466A-A519-9B509A4E3663"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc15_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"DCA09162-3331-49F6-A183-DDBE51C7F0FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc17_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AB43A6C2-20DD-437D-AE6C-00A20C760CFB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc17_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"9F230367-F012-459C-AA19-38B2856C12A6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_bpc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E8C44C9C-BA5D-42DD-968C-7D75795A1ABC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_bpc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"F51A0C40-1A6E-4955-A498-F94EBDCCE0A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_bpc_2001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"91424832-CC0F-454D-A77B-3D438D17CAB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_bpc_2001:-:*:*:*:*:*:*:*","matchCriteriaId":"C9544FE3-45A5-4803-A682-305C7BE488E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_bpc_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B2498F2D-5A4B-4893-84E3-1144C6A16F01"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_bpc_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"FDE01550-016B-4BBA-9E56-FC18F0D52C82"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_bpc_3001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4B39DD6E-EB5B-46AE-9F7E-C3AB8744DC33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_bpc_3001:-:*:*:*:*:*:*:*","matchCriteriaId":"8DA86326-3959-40AE-8984-F01B6C49C846"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc15_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34215265-15D4-4662-9D8A-20E8F48560BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc15_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"AE66F952-2BDD-4700-AA3B-6CEF7EFBA4F7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc17_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A6EF7D36-9416-4634-AC9F-4115560E450F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc17_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"2A4D7BA0-3715-4E91-A63F-AEA251BA35F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_bpc_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"88F9519E-5640-45EF-8D4D-65E81797B967"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_bpc_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"7E5A7C1F-3F46-4374-9F62-DC7B28020D86"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_bpc_7001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"236A1006-7E56-4D2A-A9AF-C11E98EFBA56"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_bpc_7001:-:*:*:*:*:*:*:*","matchCriteriaId":"6ED51E38-43DC-4214-8011-A223D6C03486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9901BBE2-F9C3-4F5E-82FF-9C84691BF148"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"1E67487D-73DA-4105-B4F8-41A1D54640DA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc15_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"772FFDA5-B054-4F97-A399-9A8E4B4830FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc15_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"FF2DB741-F0D0-4607-A40B-4A9BB97231BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_ppc17_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3B647A88-B245-4796-BE42-EEE78D06F500"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_ppc17_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"3622D879-BA40-48B1-89D5-608AA99333A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_rackmount_2u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"624F92AA-903D-4ADC-83BE-35B4EAE7F740"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_rackmount_2u:-:*:*:*:*:*:*:*","matchCriteriaId":"783D5428-AC98-4C58-AD6F-0D518B695529"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl_rackmount_4u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"69097B1F-C3EC-42FA-8C69-32D9DC430611"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl_rackmount_4u:-:*:*:*:*:*:*:*","matchCriteriaId":"A3F1000E-ECF5-4952-BE18-53DEB7BA8135"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl2_bpc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"12165D80-E3BA-4254-A3C0-F9785ECEE6A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl2_bpc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"8631B12E-CE9A-41D2-BE3E-1C2FAF513468"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl2_ppc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2378F6D3-FF9D-45AD-932C-9ED4B3FE8CFE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl2_ppc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"CF9E21E1-C9C6-4790-9C8F-153A0AA2120C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl2_bpc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F999652C-BCCA-4EFC-B859-4D6D995267D6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl2_bpc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"DA4BAB42-0A0A-480D-9DF2-7E99E45A12E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl2_ppc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"86F3E671-D5BC-4FDC-9878-A6FB248E2D1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl2_ppc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"1E838BFB-784F-4E36-990E-F50F554FCD15"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl2_bpc_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9E9E5307-7E77-4002-95EF-7FE4AB32EBCE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl2_bpc_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"A537819A-95AD-406A-960B-A56DF4199B0A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:bl2_ppc_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"962E3CCD-39B6-43DB-A922-CBFE1CA5431D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:bl2_ppc_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"F097E450-3E21-429E-8EDE-A20A32E205E6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:dl_ppc15_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"60030678-EC0C-4B4C-97DF-8B8EBE1DED97"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:dl_ppc15_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"5A2FE4D0-D0BB-407E-9270-88269BE962C9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:dl_ppc15m_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"012D6DF0-E257-48B0-AF01-3226E6065590"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:dl_ppc15m_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"C5EFEB19-FCBB-4B6B-BAD2-786608E95E07"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:dl_ppc18.5m_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"21FDD77C-F607-48A0-9D03-29CC232213D6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:dl_ppc18.5m_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"A21D272B-5DA1-48C4-9C29-60FD1DA3B560"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:dl_ppc21.5m_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADFF99F0-4651-4CC4-8CD5-01DF8929B10E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:dl_ppc21.5m_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"13C2D96C-0AC1-476A-9674-957745E134C3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:el_ppc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D06CE4B7-C9DE-4EAF-8F94-2381AC559959"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:el_ppc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"F5EF7960-4750-4ADA-B0A6-5B454A6A77E4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:el_ppc_1000\\/wt_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6EC378F8-533D-4F7C-99A3-0C2394C99172"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:el_ppc_1000\\/wt:-:*:*:*:*:*:*:*","matchCriteriaId":"7A942215-96BB-4E0C-AFBE-3FF70719B15F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:el_ppc_1000\\/m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8559D73D-1275-4275-93FD-77E252C5E4C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:el_ppc_1000\\/m:-:*:*:*:*:*:*:*","matchCriteriaId":"7F8F8B95-79EB-437E-A9CB-B5C0A9E395F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:valueline_ipc_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"525798C3-7035-43D1-99FE-653797DECA3E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:valueline_ipc:-:*:*:*:*:*:*:*","matchCriteriaId":"9797EACE-8534-486F-A48B-7509F7906CA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl_bpc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"658A8B84-8735-4CB8-9E9F-702786DD630B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl_bpc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"BC14F03D-4C8C-4EB5-A4B9-D1D7364796D5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl_bpc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7B25B0B2-FFA4-43E4-B61B-EC322E39B084"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl_bpc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"92563152-F7DF-456A-828A-F225271F4B43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl_ppc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CAC1465C-D4E4-40A8-BC36-FC5FD3F84EB6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl_ppc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"717629B0-0981-4233-89AB-AF234847B639"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl_bpc_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3684354-FC1C-47A7-9AD7-00AF992B7605"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl_bpc_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"1B804BA1-9CD7-45AE-B28D-01337A800213"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl_ppc_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"054E26F9-188E-4F15-BB1A-8056639C69FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl_ppc_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"0C7A6530-9CBF-432D-BA7B-45772C325A02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl_ipc_p7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9EE73860-B3B8-4A96-8129-9AF45686F966"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl_ipc_p7000:-:*:*:*:*:*:*:*","matchCriteriaId":"D68B1755-4154-4648-980E-3B998B9621C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_bpc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5CFA0714-60D4-4D6E-95A6-3195F84F3F2E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_bpc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"18B811D9-EC0D-4623-AD5C-2757AD27604F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B6C25A38-9F53-4AB9-A11F-9DF08D7CC9E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"CF2F5EFC-6FB1-44CC-A9FD-BAD6D6A29CD5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_bpc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C712CB21-C5C6-47E3-9C6A-E5E280E87062"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_bpc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"51D201C6-1DFD-4A0A-BCD7-024E5ADAFA0C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc_2000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8CC783-4144-422D-A154-72CC83D83E14"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"2FCEF736-BE5C-4BA9-80E0-304D55073F36"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_bpc_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"592BE162-B9B4-4CCD-A5CB-4C316B14BFB1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_bpc_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"4548FEDD-22AF-4753-A805-0FAA8BA22410"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc_3000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7DD2E38F-01EA-4396-AE9E-B723FFA0E8D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"9DEB26DA-6CA5-4694-AB96-4E376C0D4018"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_bpc_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AE2EE280-6E1D-49C5-90B8-FA1940CC6E77"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_bpc_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"A0ED092A-9CCC-4794-B8CC-531572B32F0B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc_7000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A2596D20-A6F7-4FE7-9E94-11965188DB68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"AF7632B9-340A-4249-91B3-0C93232B3108"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_bpc_9000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9BD42607-7668-4ACC-94F3-E4C1F510EE38"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_bpc_9000:-:*:*:*:*:*:*:*","matchCriteriaId":"DC743E65-BFC2-4149-AB51-F529AB934296"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc_9000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AB0A1D10-B700-40A2-9A89-DDBD809294DC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc_9000:-:*:*:*:*:*:*:*","matchCriteriaId":"CBED3056-BE7E-47DA-9818-4D57E29E7586"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc7_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"67B75497-625B-44D2-8552-F8AA597EA6D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc7_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"AA9B7B72-413E-4B2E-A68C-D5A748CA4CBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc9_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"766B3429-8B60-4774-BFCA-349F59846D6D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc9_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"1EC738BF-9BDB-4969-B00E-253D47C583D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:vl2_ppc12_1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3452BB23-7A21-48F5-971F-9D8C92697B36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:vl2_ppc12_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"45335605-EBA7-4C20-A334-A427656FD261"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"766841A0-9E9F-48A6-B815-467734AD7D68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_itc1500:v3:*:*:*:*:*:*:*","matchCriteriaId":"CD355D0B-151A-457B-B0C9-7A6314315364"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"E1511A71-8E8B-4985-8A39-69C801D48BFC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_itc1500_pro:v3:*:*:*:*:*:*:*","matchCriteriaId":"F8D4A368-64AF-412B-B5BB-AD6BC84F95C3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"13EA8C25-9918-456E-B0F5-206081207E98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_itc1900:v3:*:*:*:*:*:*:*","matchCriteriaId":"070D8D5D-0703-41BC-8D44-8379409D7CFB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"0D54BE23-10D8-4FD2-9C0F-49785E55E28D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_itc1900_pro:v3:*:*:*:*:*:*:*","matchCriteriaId":"1402705D-BB4B-4639-92A8-B939B6AB3173"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"482C1848-4840-4CE4-B8C1-E387CA672AB3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_itc2200:v3:*:*:*:*:*:*:*","matchCriteriaId":"41507D57-119A-4EE6-8F3C-7DB635298F1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"DDA0CBED-0140-4319-817C-CAE812EA5815"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_itc2200_pro:v3:*:*:*:*:*:*:*","matchCriteriaId":"74DC92AC-246D-4DA2-85B3-B33EA5839310"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2010","matchCriteriaId":"E9C4333E-242B-472B-88A6-41669FCE48E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:-:*:*:*:*:*:*","matchCriteriaId":"E84371B8-69B9-4C60-B1AE-9EA89E25961B"},{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:sp1:*:*:*:*:*:*","matchCriteriaId":"4CBC4304-6AD9-4C12-B814-76CCCF9EBF0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:sp2:*:*:*:*:*:*","matchCriteriaId":"222D35AE-B32B-4167-9A6D-E88CCF3C823C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*","matchCriteriaId":"E6034789-ABD1-4035-8378-F0BA7157B087"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.9","matchCriteriaId":"20740117-8BC1-47B8-AA10-8ADF91F1CA86"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.5.8","matchCriteriaId":"133DFB76-70D7-4480-B409-2A657DF3B6AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:-:*:*:*:*:*:*","matchCriteriaId":"B66C5256-6863-4B81-BC82-B76320467449"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201312101:*:*:*:*:*:*","matchCriteriaId":"5D98B374-B2FC-47C3-8376-B9F45664C436"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201312102:*:*:*:*:*:*","matchCriteriaId":"B75207AF-2BB8-4D6B-AF4C-BEB25895BA2B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201312401:*:*:*:*:*:*","matchCriteriaId":"4091C844-6778-46D2-B135-CD4E3FAA0714"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201312402:*:*:*:*:*:*","matchCriteriaId":"7A3308A7-AF6A-4519-92E2-EF5FE6F9C78B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403101:*:*:*:*:*:*","matchCriteriaId":"BB2F377F-7260-47FE-9F50-40374EA1ED9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403102:*:*:*:*:*:*","matchCriteriaId":"B73A27AE-5483-4F59-9D03-1E65CEFB5EBE"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403201:*:*:*:*:*:*","matchCriteriaId":"67E6B861-B758-48C6-9B4E-CA348D4A8D11"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403202:*:*:*:*:*:*","matchCriteriaId":"25D9AB99-4AD7-4765-9832-44180E038BB6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403203:*:*:*:*:*:*","matchCriteriaId":"0AB2650C-DF46-498E-AD6E-549649A20849"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403204:*:*:*:*:*:*","matchCriteriaId":"CE7D5CA7-2D77-4B44-AE53-DF07A9D3E43F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403205:*:*:*:*:*:*","matchCriteriaId":"7E9270E3-F4FC-43ED-BA80-67F321BF33C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403206:*:*:*:*:*:*","matchCriteriaId":"B687FC8F-DE82-446B-8EB1-3F3193735D26"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403207:*:*:*:*:*:*","matchCriteriaId":"1B710A10-5076-4473-88AE-CA4A9935DF77"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403208:*:*:*:*:*:*","matchCriteriaId":"432C66F0-03FA-4E0A-805F-7505B92C348B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403209:*:*:*:*:*:*","matchCriteriaId":"4B0B6D86-60E9-4193-8E8B-F07DF7410746"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403210:*:*:*:*:*:*","matchCriteriaId":"D17F3263-3107-4785-BF6B-8A62A13FC720"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201403211:*:*:*:*:*:*","matchCriteriaId":"5A86BD5F-3858-4E50-995A-CEBE0C0FC19C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201404401:*:*:*:*:*:*","matchCriteriaId":"0FB7F12A-3C70-41DC-B64F-990316118A07"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201404402:*:*:*:*:*:*","matchCriteriaId":"A1CF97B6-E3AE-47A6-A49F-3BFE66CB87F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201404403:*:*:*:*:*:*","matchCriteriaId":"A644757F-6A6F-49F5-9B81-06F10C5E34EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201404420:*:*:*:*:*:*","matchCriteriaId":"D84D5E4F-DDBA-42B7-974B-02DCB780E8CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201406401:*:*:*:*:*:*","matchCriteriaId":"979169D0-0C6E-4B4A-8FEA-FEBE33B09D0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407101:*:*:*:*:*:*","matchCriteriaId":"20EB85A2-0051-430F-85B8-C2DA446E0AC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407102:*:*:*:*:*:*","matchCriteriaId":"12156ABC-3724-4F3E-9E38-7C2C896C48EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407401:*:*:*:*:*:*","matchCriteriaId":"BC573DAD-46D1-473A-B530-862DD301F287"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407402:*:*:*:*:*:*","matchCriteriaId":"08A9F95B-6B7A-4CDE-94AC-3235ED59B1E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407403:*:*:*:*:*:*","matchCriteriaId":"05F30A0A-DC59-4BDE-9060-BE25E35A21BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407404:*:*:*:*:*:*","matchCriteriaId":"A6B31963-6FA3-4EC8-9F95-A999EB95B3F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201407405:*:*:*:*:*:*","matchCriteriaId":"B7DE1928-2F1F-442C-9E10-080AD9BD8D48"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409101:*:*:*:*:*:*","matchCriteriaId":"D52E2286-239F-4486-9FB1-40ABF2C3A4D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409201:*:*:*:*:*:*","matchCriteriaId":"7D8617AE-22D6-4A9A-864B-6B104AE19826"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409202:*:*:*:*:*:*","matchCriteriaId":"9AE60429-3163-4621-9973-9569C489D0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409203:*:*:*:*:*:*","matchCriteriaId":"946564F5-90DF-47FB-B704-434222171F72"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409204:*:*:*:*:*:*","matchCriteriaId":"7B371375-2F70-4A5C-81A1-3D24236EE06C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409205:*:*:*:*:*:*","matchCriteriaId":"2D89D1FB-354B-4F47-9B68-BC88266C603D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409206:*:*:*:*:*:*","matchCriteriaId":"990EA9A7-AA65-41D9-BFC3-987DEB875AF0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201409207:*:*:*:*:*:*","matchCriteriaId":"45930839-7669-46B1-88A8-EC7448CFAA1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410101:*:*:*:*:*:*","matchCriteriaId":"116EC72C-1639-4E89-8DA5-14F326D8E91D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410401:*:*:*:*:*:*","matchCriteriaId":"56ED6A51-50F6-4181-9FFB-411854102B44"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410402:*:*:*:*:*:*","matchCriteriaId":"013566F1-27AD-408A-9ADE-3D88865FC560"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410403:*:*:*:*:*:*","matchCriteriaId":"B924FE54-CA68-4C95-A9DA-DD37F2B8D851"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410404:*:*:*:*:*:*","matchCriteriaId":"953DC00C-C694-4AFF-AC8D-3EF8F7B2EA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410405:*:*:*:*:*:*","matchCriteriaId":"71726A09-D9DE-4063-8B83-35F5E1C15C4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201410406:*:*:*:*:*:*","matchCriteriaId":"466ADBAF-9B8A-4F46-A061-3892CDFE0BE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201501101:*:*:*:*:*:*","matchCriteriaId":"A5E9B1C7-54CF-4761-ACC4-85D706ECE6FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201501401:*:*:*:*:*:*","matchCriteriaId":"7870F2CD-247B-4F1F-BE7E-B0A73210CB7D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201501402:*:*:*:*:*:*","matchCriteriaId":"21D439E5-9283-41F2-A68E-48C27648A4F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201501403:*:*:*:*:*:*","matchCriteriaId":"FE762CF7-9B71-4E79-AF1F-077FF2584F3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201501404:*:*:*:*:*:*","matchCriteriaId":"A86BD94F-D60A-4E5C-808D-F129B2C221F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201501405:*:*:*:*:*:*","matchCriteriaId":"91CA06BB-2978-48E7-974C-AE588D0B773B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201502401:*:*:*:*:*:*","matchCriteriaId":"AEC96D0F-56B5-4582-8519-5CFD59276221"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201504201:*:*:*:*:*:*","matchCriteriaId":"D8285D4D-9962-42CC-95C6-F5452EA62B11"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201505101:*:*:*:*:*:*","matchCriteriaId":"C715C51F-F1FC-4B92-BF77-EC75882CFE02"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201505401:*:*:*:*:*:*","matchCriteriaId":"F1BA0B41-E7B7-469F-BEB1-73A6A3315BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201505402:*:*:*:*:*:*","matchCriteriaId":"26E44694-3121-4F50-9052-BAB42D6B45C6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201505403:*:*:*:*:*:*","matchCriteriaId":"CF156298-D57B-4F30-8895-C3DCE5D8FA7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201505404:*:*:*:*:*:*","matchCriteriaId":"2485CC85-A58A-41A3-A0C3-F52C82D772A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509101:*:*:*:*:*:*","matchCriteriaId":"3CB9206E-98ED-472F-8272-3DA2FEA82696"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509102:*:*:*:*:*:*","matchCriteriaId":"83FEB3AF-DB9D-4958-AC26-04C694F0416A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509201:*:*:*:*:*:*","matchCriteriaId":"62A760D9-FEA2-49AD-8250-3A830398ECD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509202:*:*:*:*:*:*","matchCriteriaId":"43E6E75D-D814-4DAA-9759-6948955501DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509203:*:*:*:*:*:*","matchCriteriaId":"BEFD9527-F0CA-493B-A894-4BB26AB65F54"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509204:*:*:*:*:*:*","matchCriteriaId":"9DC241D3-4352-4339-8C81-BA7878FD5062"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509205:*:*:*:*:*:*","matchCriteriaId":"D2E50F31-00DB-4724-982E-E39E55E75FBB"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509206:*:*:*:*:*:*","matchCriteriaId":"1099C9B4-11A1-4545-8054-5CC247286617"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509207:*:*:*:*:*:*","matchCriteriaId":"8F018232-8B68-4496-A38B-6E1B84F1AA28"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509208:*:*:*:*:*:*","matchCriteriaId":"D0F66CE5-E0BD-41B4-9D36-1C626FFF2141"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509209:*:*:*:*:*:*","matchCriteriaId":"08CB5270-1BD3-48D0-AB8C-B3CF0C52499F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509210:*:*:*:*:*:*","matchCriteriaId":"EC263338-15D1-4F8C-8BE7-494971F31682"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509211:*:*:*:*:*:*","matchCriteriaId":"061C95B9-845F-4235-9ABE-7BD5F555209C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509212:*:*:*:*:*:*","matchCriteriaId":"75EB3FC3-C4C1-4841-88E6-922CADC9B402"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201509213:*:*:*:*:*:*","matchCriteriaId":"FE0F78D7-2139-46AD-9C69-229BA94896D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201510401:*:*:*:*:*:*","matchCriteriaId":"A630790E-2F77-4C05-91BD-06AB8894A28E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201512101:*:*:*:*:*:*","matchCriteriaId":"6A96EA60-16A8-4129-8E2E-B8B5C4F83D39"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201512102:*:*:*:*:*:*","matchCriteriaId":"A30EE76C-594A-4DD2-95D5-8E8D8B6D3185"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201512401:*:*:*:*:*:*","matchCriteriaId":"D9A31A47-DE48-42AA-B7CD-4661624A50A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201512402:*:*:*:*:*:*","matchCriteriaId":"B0CC39CC-45DF-4461-9219-808CBE68592A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201512403:*:*:*:*:*:*","matchCriteriaId":"4FAC6817-6316-4592-8510-02772D3EFF3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201512404:*:*:*:*:*:*","matchCriteriaId":"711F5017-AEC2-4649-AA8A-6A596591F11C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201601401:*:*:*:*:*:*","matchCriteriaId":"A12209C7-0027-46B1-A8D8-535A631A4FA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201602401:*:*:*:*:*:*","matchCriteriaId":"8D09CF29-38FD-487F-8597-518F206531BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608101:*:*:*:*:*:*","matchCriteriaId":"D35EAA15-0DEA-42D8-AEFE-F4CB6BC6CFEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608102:*:*:*:*:*:*","matchCriteriaId":"BEC12F16-071D-4648-A044-1274CBACE988"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608401:*:*:*:*:*:*","matchCriteriaId":"0763BDFC-0D5D-43E0-BD3C-F6A7D41F53C6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608402:*:*:*:*:*:*","matchCriteriaId":"57160A54-9049-4F31-AF1A-28A18F0EFF95"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608403:*:*:*:*:*:*","matchCriteriaId":"54AD4072-BFAE-4941-8CC3-6DE5E3222DAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608404:*:*:*:*:*:*","matchCriteriaId":"9109EB3E-C635-4B99-9BE5-B9FD9C4B5D6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201608405:*:*:*:*:*:*","matchCriteriaId":"2E01FEF6-8D64-428E-AFB0-FFEB21CCDC39"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201609101:*:*:*:*:*:*","matchCriteriaId":"910B3A6A-F418-4A0E-B612-DECD4900BB14"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201609102:*:*:*:*:*:*","matchCriteriaId":"A6B5E386-0BFC-4F1B-9D1A-E2F31C8A05BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201609401:*:*:*:*:*:*","matchCriteriaId":"29175BA1-3A31-4E9E-8B52-B078CC33F51C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201609402:*:*:*:*:*:*","matchCriteriaId":"573A99EF-0B6B-41D6-B71F-1C21B1565A3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201609403:*:*:*:*:*:*","matchCriteriaId":"209AD390-0ABA-4225-9168-A769ED7808DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201612101:*:*:*:*:*:*","matchCriteriaId":"C4553BE6-DEDE-4E16-A335-1F8DE5F7B9E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201612102:*:*:*:*:*:*","matchCriteriaId":"5909ED7E-B49C-42D5-A634-788733D49FE8"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201612401:*:*:*:*:*:*","matchCriteriaId":"21B55E0E-8923-4779-970F-A335C708CD3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201612402:*:*:*:*:*:*","matchCriteriaId":"D0B9CB8C-8072-46E3-8A6F-41FDB2365436"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201703401:*:*:*:*:*:*","matchCriteriaId":"6C2C8471-D52C-41DF-A96B-E6D0A1E7A070"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201709101:*:*:*:*:*:*","matchCriteriaId":"E2A9B43C-51F7-42C6-84CD-B882055915B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201709102:*:*:*:*:*:*","matchCriteriaId":"9F239FF7-CA1E-4711-A8A8-C1F945366E19"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201709103:*:*:*:*:*:*","matchCriteriaId":"7E696E99-6F94-4C74-911A-01162CA34B15"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201709401:*:*:*:*:*:*","matchCriteriaId":"0B18A0A1-F28F-4282-B871-06344A674EDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201709402:*:*:*:*:*:*","matchCriteriaId":"FE2DA304-2C7F-4F5A-A3D0-0DF15E442B1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:5.5.0:550-201709403:*:*:*:*:*:*","matchCriteriaId":"EEF8BCE8-567E-4392-AD10-4DC4EF93E5CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*","matchCriteriaId":"3E8861F4-D390-4738-BBF0-9EE4684E9667"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*","matchCriteriaId":"2B9D5E67-78C9-495E-91F0-AF94871E5FA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*","matchCriteriaId":"6D35CDFE-F0E7-43F7-A307-E3BDDE5AEAD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*","matchCriteriaId":"ADC13026-3B5A-4BF0-BDEC-B77338E427E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*","matchCriteriaId":"6CBA70BA-FFCD-4D2D-AD26-95CC62748937"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*","matchCriteriaId":"4C92DD8B-8AB8-40D4-8E86-12FEB055D37A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*","matchCriteriaId":"C58D77F5-CDB2-47DA-A879-BABEBE2E1E04"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*","matchCriteriaId":"D0C324FB-3989-4A4A-BF5B-C40CA698DDB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*","matchCriteriaId":"0E7AC58E-D1F8-4FDF-9A28-61CF6158330A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*","matchCriteriaId":"489EE0F6-5510-470E-8711-DC08B4AFB4F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*","matchCriteriaId":"6719ED6F-CBC3-4B1E-9343-23DC3BA15FDA"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*","matchCriteriaId":"DDAA48A9-9319-4104-B151-D529E5EBF0F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*","matchCriteriaId":"D16CD918-5075-4975-8B1E-21D8AD35A28E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*","matchCriteriaId":"7A38CD8E-494D-4E0E-A300-8550FC81FAE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*","matchCriteriaId":"1F40ABE8-8DED-4633-A34C-00DF5D510E71"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*","matchCriteriaId":"1736B975-089B-413C-8CA0-5524B957EF9A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*","matchCriteriaId":"0E4DCBF6-7189-497A-B923-08574443172C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*","matchCriteriaId":"16FBA646-0B5E-44A7-BB12-29D5C611AEC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*","matchCriteriaId":"29F57497-7B48-4D0C-B8F5-8D33062BECEE"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*","matchCriteriaId":"ADDE96C7-C489-4D14-990B-8524627A23D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*","matchCriteriaId":"AD82C093-FD98-45DE-9EE6-A05E81A1FEC6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*","matchCriteriaId":"08789F9E-CDC7-4F89-B925-92C9E3AE5234"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*","matchCriteriaId":"26ABB84C-B4BF-424E-8F4C-D2B6BE0AC79E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*","matchCriteriaId":"621C203B-4B66-49CC-A35D-D7703109BF14"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*","matchCriteriaId":"3261BDEF-D89C-41D9-A360-EC36EAB17490"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*","matchCriteriaId":"5170A4F6-02B7-4225-B944-73DB5A4D332C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*","matchCriteriaId":"62A97DBA-A56B-4F0B-B9C4-44B5166681AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*","matchCriteriaId":"806C8BE6-A2BE-45BE-BEF2-396BEB16FCC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*","matchCriteriaId":"DBA6211E-134A-484E-8444-FBB5070B395D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*","matchCriteriaId":"3E7B05B3-4076-4A44-B9A6-A44419F175C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*","matchCriteriaId":"1A1636B4-6E79-42D7-AA62-5EE43412B43A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*","matchCriteriaId":"0F0377D0-BBED-41BF-80C5-58414ED413EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*","matchCriteriaId":"6495283C-D18A-4DDA-852E-46F2273D6DAC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*","matchCriteriaId":"09DEFEE5-5E9E-4F3A-A245-3E8E2B291339"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*","matchCriteriaId":"4B5A97A3-65DB-4697-9CF1-B4F5E4E4132F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*","matchCriteriaId":"17A84E0A-1429-467F-9EE1-FCA062392DC2"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*","matchCriteriaId":"C591163D-64BC-403B-A460-5B2258EC2F8A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*","matchCriteriaId":"ED932B89-D34D-4398-8F79-AF98987CAFD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*","matchCriteriaId":"ABD365A0-0B09-4EC2-9973-691144C99507"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*","matchCriteriaId":"FBE64DC7-A9D1-416F-89BF-D9F8DD8174AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*","matchCriteriaId":"0E198AE4-A6A3-4875-A7DA-44BE9E1B280F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*","matchCriteriaId":"2FDD5BA0-8180-484D-8308-B0862B6E9DC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*","matchCriteriaId":"96A6EB9A-A908-42D1-A6BC-E38E861BBECE"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*","matchCriteriaId":"651EDCAA-D785-464D-AE41-425A69F6FFB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*","matchCriteriaId":"1B3C704C-9D60-4F72-B482-07F209985E68"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*","matchCriteriaId":"C1CFE956-4391-4B71-BD0B-96A008A624B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*","matchCriteriaId":"409778CD-9AB3-4793-A5F5-8D8657F81442"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*","matchCriteriaId":"F7EA75DB-B6BE-4E75-89B6-C69E96CBD7BF"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*","matchCriteriaId":"0DC45A8B-6DE0-465F-9644-B75A09394F25"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*","matchCriteriaId":"7A265671-BCB0-401A-A1E8-500F9D41492E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*","matchCriteriaId":"83168067-1E43-4186-9B15-3FC702C6583C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*","matchCriteriaId":"8C122DB4-8410-4C4E-87BE-EB3175CE182B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*","matchCriteriaId":"C76ED78D-0778-4269-938E-BB7586C1E44E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*","matchCriteriaId":"7A1F78C5-E995-4E37-83C5-5B6A1D39E549"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*","matchCriteriaId":"7A2E842D-AF37-4641-AD05-B91F250E7487"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*","matchCriteriaId":"A07EAC87-32FD-4553-B71D-181F2C66AE68"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*","matchCriteriaId":"AD6F0D62-4C51-46D6-A6C4-E479BE6B2C91"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*","matchCriteriaId":"865D3042-68ED-44B9-A036-9433F7463D6F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*","matchCriteriaId":"FC4FEF78-D2DA-4CCE-BB81-7E2090ED545C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*","matchCriteriaId":"11AE3F61-9655-4B20-96E1-92112BE2BEDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*","matchCriteriaId":"ECE35166-3019-450B-9C69-484E4EDE5A6D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*","matchCriteriaId":"D892B066-381B-4F46-8363-7BA1647BBCD8"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*","matchCriteriaId":"710DB381-5504-4493-8D0A-17AB8E5A903B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*","matchCriteriaId":"42AAA3B7-B74D-4B67-8BD3-1D9B5ED1E037"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*","matchCriteriaId":"33CBCA55-010E-4E84-B2F8-F9B53D5A3340"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*","matchCriteriaId":"95A73B4B-F9B3-4D66-9668-902902C73CB6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*","matchCriteriaId":"8D14D51D-E2EA-4826-8C6E-AF1C15F12384"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*","matchCriteriaId":"BED100A1-9D59-48BE-91D4-0C8F2D678E6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*","matchCriteriaId":"660B51F2-DFE0-49F6-AD2A-6E94B20F4019"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*","matchCriteriaId":"8BF80536-348A-468E-AC1C-DA53632FCC83"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*","matchCriteriaId":"CFABF302-AC32-4507-BDD9-314854DE55BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*","matchCriteriaId":"9EDE020F-4FB1-4F1D-B434-6745045702D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*","matchCriteriaId":"AA1538B9-E860-46CE-A4CA-1393ECA20D30"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*","matchCriteriaId":"386A6805-6167-47BA-A02F-073DC7E0FE36"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*","matchCriteriaId":"03BA15D8-F7A2-428C-8104-BCEBDE7C1EC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*","matchCriteriaId":"1CFCFE7B-37E5-4C64-9B43-4F693F227231"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*","matchCriteriaId":"02CFAE22-37DB-4787-96FB-9E0F8EF671E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*","matchCriteriaId":"FBA15143-734D-4889-8B5A-2445A2DDDD4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*","matchCriteriaId":"04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*","matchCriteriaId":"0D2ED442-3F6D-472A-AA98-51D05A65B2E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*","matchCriteriaId":"2A71EC72-3389-4EC7-8104-2A78F7B8C0DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*","matchCriteriaId":"F948E806-0F73-4145-A723-7A43BA45842B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*","matchCriteriaId":"75FAFF86-C65F-4723-8A63-BACE2F797937"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*","matchCriteriaId":"DBC31DE3-ACFE-422F-B253-2FE4AAFE3954"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*","matchCriteriaId":"B30B3EA4-495F-4915-B6E3-5FB9277C2DE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*","matchCriteriaId":"6FA9E337-B4F3-4895-BA58-962F8CDEE73E"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*","matchCriteriaId":"830B0BC1-A368-49AC-B6C9-B000972EF92A"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*","matchCriteriaId":"614394F3-3BEE-4E12-AABF-436D54A04313"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*","matchCriteriaId":"350FD3CE-8B64-4FCF-82DE-BE941156F4F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*","matchCriteriaId":"C9EAE177-6C7E-4C1B-ADEE-2C036F731272"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*","matchCriteriaId":"DFFEEC31-8462-4DF9-A1DA-D7057C209CBA"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*","matchCriteriaId":"0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*","matchCriteriaId":"942DAD67-9455-4D02-BD3B-BFD2DE7A7E52"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*","matchCriteriaId":"7ACC1A72-F6B6-430A-AB89-AB0A11587F58"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*","matchCriteriaId":"45111C74-BF6F-4C05-A0D3-CE325AD0C02B"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*","matchCriteriaId":"B1CE5849-01B1-4E36-83E8-496A3F328C9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*","matchCriteriaId":"A879BA05-3A80-4EBC-AA9D-9B53695425B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*","matchCriteriaId":"3D65A0E8-A1E0-42F3-B77D-2F32979278BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*","matchCriteriaId":"80C10150-39BA-4818-B48F-8645D4A0D316"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*","matchCriteriaId":"9792B986-86EF-40E0-9427-A45F858717E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*","matchCriteriaId":"37EDD688-C91A-4A35-913A-82E156ADD242"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*","matchCriteriaId":"5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*","matchCriteriaId":"47DA50DA-7CA4-4B76-8B3B-A5732509F71D"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*","matchCriteriaId":"76EB1A04-0645-4909-AEF9-33D6FADA4793"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*","matchCriteriaId":"F1A35723-D968-42D6-89EB-86CA550516E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*","matchCriteriaId":"C3AC8A19-F98E-48F1-A1EA-EAA1C7208335"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*","matchCriteriaId":"2D6A3952-8429-4762-8701-47D7C1F05A5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*","matchCriteriaId":"5B007609-C312-469B-BACF-04D6D80DADF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"155A0C39-4D0A-4264-B392-46002908939C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*","matchCriteriaId":"514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"96AB8C81-F441-4563-B5E0-B738DF4D1C50"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*","matchCriteriaId":"DDA3C472-D1E9-47B3-AFD0-BD274E3291F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E30BECA7-C45A-423D-9200-98D51BE9C84C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*","matchCriteriaId":"9E376B2A-430D-4D1D-BC28-92CD7E1E8564"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4164A584-6F0D-4154-8FED-DC044CDE1FE7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*","matchCriteriaId":"74C9E6FC-9C40-4105-9FB0-17013E1ABBB3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7B37176F-0AF4-4410-9C1F-4C5ED0051681"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*","matchCriteriaId":"D2F2936E-A611-472E-8EF0-F336A19DF578"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5D200C1F-1909-4952-824F-A2D279B9B37E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*","matchCriteriaId":"2FC9F68C-7D65-4D29-AAA1-BA43228C6208"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html","source":"secure@intel.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/584653","source":"secure@intel.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","source":"secure@intel.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/102371","source":"secure@intel.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1040071","source":"secure@intel.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-254.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0292","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://cdrdv2.intel.com/v1/dl/getContent/685359","source":"secure@intel.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-002","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-003","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002","source":"secure@intel.com","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/36","source":"secure@intel.com","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201810-06","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180104-0001/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://spectreattack.com/","source":"secure@intel.com","tags":["Technical Description","Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX231399","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://support.f5.com/csp/article/K91229003","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/us/en/solutions/LEN-18282","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3540-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3540-2/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3541-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3541-2/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3542-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3542-2/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3549-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3580-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3597-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3597-2/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/usn/usn-3516-1/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4187","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4188","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/43427/","source":"secure@intel.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/180049","source":"secure@intel.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","source":"secure@intel.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.synology.com/support/security/Synology_SA_18_01","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/584653","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/102371","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1040071","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-254.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0292","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cdrdv2.intel.com/v1/dl/getContent/685359","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201810-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180104-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://spectreattack.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX231399","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.f5.com/csp/article/K91229003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/us/en/solutions/LEN-18282","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3540-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3540-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3541-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3541-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3542-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3542-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3549-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3580-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3597-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3597-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/usn/usn-3516-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4187","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4188","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/43427/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/180049","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.synology.com/support/security/Synology_SA_18_01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5754","sourceIdentifier":"secure@intel.com","published":"2018-01-04T13:29:00.303","lastModified":"2026-05-28T19:16:26.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."},{"lang":"es","value":"Los sistemas con microprocesadores con ejecución especulativa y predicción indirecta de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de la caché de los datos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:N/A:N","baseScore":4.7,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*","matchCriteriaId":"CD028C10-FD07-4206-A732-CCAC1B6D043D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*","matchCriteriaId":"704FAA50-1B7D-4917-AC4A-4C58785340F1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*","matchCriteriaId":"5C6B95D3-75BD-4826-BFBE-9701CC0FF052"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*","matchCriteriaId":"F66E31A6-EA01-40C8-8718-CE2C1F45EEB8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*","matchCriteriaId":"DBBE3B05-2063-49DE-A1D3-9D0A62E0CF5E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*","matchCriteriaId":"022F2CBE-EFB1-4962-AC91-D25AAB057DAF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*","matchCriteriaId":"69C05CD9-551B-46EE-85F8-D18FF878FE8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*","matchCriteriaId":"2DCCB5A5-20E3-4EC5-956C-EA7C0F33A026"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*","matchCriteriaId":"3C38C609-242E-4923-A81F-DAFBE7B6A927"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*","matchCriteriaId":"2AEB08B5-7CBA-479A-A41B-FD8A6D9E0875"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*","matchCriteriaId":"A8C4FDD7-F2EC-4EDB-ACC9-3D6B9152C855"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*","matchCriteriaId":"8E51DD0B-1EED-4BE9-B0A7-BE2E91CCA84C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*","matchCriteriaId":"D7AC7C56-2205-4121-99E2-001A7488E0FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*","matchCriteriaId":"A1677313-FF8F-493B-9DA3-C78F87581A17"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*","matchCriteriaId":"4B2A3CCE-FA57-43B5-B7DE-CFD0CC2ECD7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*","matchCriteriaId":"85CA4444-5103-4451-8A7C-F6BBE714BBB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*","matchCriteriaId":"FA1EB745-46D7-4088-93C6-E7156520B144"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*","matchCriteriaId":"A93010C0-33B3-438F-94F6-8DA7A9D7B451"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*","matchCriteriaId":"2A988A78-6B3D-4599-A85C-42B4A294D86D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*","matchCriteriaId":"1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*","matchCriteriaId":"246AA1B0-B6C8-406B-817D-26113DC63858"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*","matchCriteriaId":"00EE5B42-FF05-447C-BACC-0E650E773E49"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*","matchCriteriaId":"B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*","matchCriteriaId":"A1F0E3C4-7E9B-435F-907E-4BF4F12AF314"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*","matchCriteriaId":"5D616C72-0863-478C-9E87-3963C83B87E8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*","matchCriteriaId":"CC333B0D-3A0E-4629-8016-68C060343874"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*","matchCriteriaId":"6655535C-FF64-4F9E-8168-253AABCC4F5D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*","matchCriteriaId":"B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*","matchCriteriaId":"BBD68F3F-7E38-40B9-A20B-B9BB45E8D042"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*","matchCriteriaId":"1EACEF19-83BC-4579-9274-BE367F914432"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*","matchCriteriaId":"1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*","matchCriteriaId":"24128A7F-2B0B-4923-BA9E-9F5093D29423"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*","matchCriteriaId":"0990DD71-9E83-499D-9DAF-A466CF896CFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*","matchCriteriaId":"9B7FEDEF-9772-4FB1-9261-020487A795AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*","matchCriteriaId":"FE7B0F72-DEDF-40C4-887C-83725C52C92E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*","matchCriteriaId":"9568C222-9816-4520-B01C-C1DC2A79002D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*","matchCriteriaId":"4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*","matchCriteriaId":"53A1F23D-7226-4479-B51F-36376CC80B04"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*","matchCriteriaId":"BAB245C8-9918-41A0-9DFB-A11E4185C87A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*","matchCriteriaId":"9990DD08-BD81-4BFA-B3D4-0DECBF8CCC54"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*","matchCriteriaId":"F752A3C8-18ED-4765-B6EC-C664154EB701"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*","matchCriteriaId":"B4F31C3F-7C0D-4D95-B4B9-89FD38076913"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*","matchCriteriaId":"5BEEE36E-E735-4A33-80B7-9407D072F6BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*","matchCriteriaId":"2CB3D3DE-21BE-40C7-A510-AC97C92390DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*","matchCriteriaId":"0D9A9545-38A3-460D-AB1A-8B03BEB405A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*","matchCriteriaId":"1860D932-777D-41F2-94A2-D14AB1494AA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*","matchCriteriaId":"75165A10-2FD5-4370-814C-B60FDE339AFF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*","matchCriteriaId":"65AAC7A7-77CA-4C6C-BD96-92A253512F09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*","matchCriteriaId":"FCD16C07-0050-495A-8722-7AC46F5920F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*","matchCriteriaId":"01423706-C82C-4457-9638-1A2380DE3826"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*","matchCriteriaId":"A881E2D3-A668-465F-862B-F8C145BD5E8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*","matchCriteriaId":"3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*","matchCriteriaId":"4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*","matchCriteriaId":"6602DD69-E59A-417D-B19F-CA16B01E652C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*","matchCriteriaId":"05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*","matchCriteriaId":"40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*","matchCriteriaId":"ED96AC16-12CC-43F6-ACC8-009A06CDD8F5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*","matchCriteriaId":"2CE9DC29-C192-4553-AF29-D39290976F47"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*","matchCriteriaId":"F625E647-B47E-404C-9C5B-72F3EB1C46F5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*","matchCriteriaId":"E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*","matchCriteriaId":"B5878612-9825-4737-85A5-8227BA97CBA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*","matchCriteriaId":"F453D348-28CE-402B-9D40-A29436A24ECC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*","matchCriteriaId":"36322F4B-83D7-468A-BB34-1C03729E9BF3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*","matchCriteriaId":"0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*","matchCriteriaId":"A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*","matchCriteriaId":"B0A2A50E-94FA-44E9-A45D-3016750CFBDA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*","matchCriteriaId":"5625CAD8-4A62-4747-B6D9-90E56F09B731"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*","matchCriteriaId":"43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*","matchCriteriaId":"78DE1A01-3AEF-41E6-97EE-CB93429C4A1D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*","matchCriteriaId":"410184AF-B932-4AC9-984F-73FD58BB4CF7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*","matchCriteriaId":"B265F073-9E0A-4CA0-8296-AB52DEB1C323"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*","matchCriteriaId":"3F664223-1CBC-4D8A-921B-F03AACA6672B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*","matchCriteriaId":"987A8470-08BA-45DE-8EC0-CD2B4451EECD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*","matchCriteriaId":"8BBC9542-FB77-4769-BF67-D42829703920"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*","matchCriteriaId":"74FDC18B-4662-422E-A86A-48FE821C056F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*","matchCriteriaId":"CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*","matchCriteriaId":"CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*","matchCriteriaId":"78E4461B-72F8-4F3D-A405-4AFA99EC8A32"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*","matchCriteriaId":"663DDC1C-E48A-4E84-A6CC-B46FC45D6A6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*","matchCriteriaId":"8CEEC75B-10CE-4B7E-BA5F-6D661EC07FFF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*","matchCriteriaId":"DAEDED56-9387-4DAC-BF52-C32ECCB7D407"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*","matchCriteriaId":"FA13F31C-BBD9-48C7-8499-92D0B5CA8CF4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*","matchCriteriaId":"E57A9B28-734B-401D-B24C-A295F364D8E8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*","matchCriteriaId":"F02289DF-4A02-4602-89B7-E9148236EE1E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*","matchCriteriaId":"723E7155-493D-4B5A-99E2-AB261838190E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*","matchCriteriaId":"82E37264-E4BA-4D9D-92E7-56DE6B5F918F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*","matchCriteriaId":"8704BE6D-2857-4328-9298-E0273376F2CD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*","matchCriteriaId":"731F1E65-1D53-443B-8E2F-8AF11191AFA6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*","matchCriteriaId":"02A83822-822D-4A4D-B29B-A5BE6367A7DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*","matchCriteriaId":"E8C32738-F08E-469C-8DE0-2708F30574A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*","matchCriteriaId":"B292187E-8EAD-49D2-B469-B14CA0656035"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*","matchCriteriaId":"C7D131E1-24C1-48CF-B3DD-46B09A718FB5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*","matchCriteriaId":"0ABF1231-73CF-4D1B-860C-E76CD26A645E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*","matchCriteriaId":"F7F88E38-4EC4-41DB-A59D-800997440C0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*","matchCriteriaId":"32FD6647-4101-4B36-9A9A-F70C29997148"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*","matchCriteriaId":"D248D668-A895-43B3-ADEF-1B22EE7DC76E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*","matchCriteriaId":"858411B5-E904-45FA-8B33-5CC73B915B22"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*","matchCriteriaId":"6BB9336C-C893-4AB0-9402-868CE9960058"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*","matchCriteriaId":"A4695F94-7AAE-4219-9EF6-CE6D0838192D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*","matchCriteriaId":"BD7A0991-73F0-410D-855C-BFC88A66E61F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*","matchCriteriaId":"FAF5CF9A-B3F2-4686-B933-7DB13AD2CF35"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*","matchCriteriaId":"9858EAC3-C1CE-449B-A605-FFA337DA825D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*","matchCriteriaId":"E7A8F905-A4C6-4EC6-B9E8-800948350B89"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*","matchCriteriaId":"565B48E3-1406-4E3C-B4A5-35865C5614E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*","matchCriteriaId":"46B6C4D7-B0A2-4DF1-B8DE-19C806D5FABB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*","matchCriteriaId":"8AB82A90-C0BC-4BA8-88CA-4967BC3A4A7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*","matchCriteriaId":"191A094B-E354-4767-AD43-87CE140BF851"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*","matchCriteriaId":"C1289B9E-5725-42EF-8848-F545421A29E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*","matchCriteriaId":"238A21CB-F8C5-468B-B523-6D014E2EA8AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*","matchCriteriaId":"0DC52CDD-614D-4EA0-8DA8-D71189C42E8B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*","matchCriteriaId":"A4229DB2-8BBC-49F8-87A8-2E7D56EFD310"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*","matchCriteriaId":"FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*","matchCriteriaId":"A0E91F46-D950-4894-BACF-05A70C7C6F7B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*","matchCriteriaId":"0E12B40B-5221-48A6-B2A6-D44CD5636BB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*","matchCriteriaId":"6BCB77C9-ABE3-44A0-B377-7D7035E8A11F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*","matchCriteriaId":"D06639F5-5EE8-44F4-B48A-5694383154DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*","matchCriteriaId":"CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*","matchCriteriaId":"637C3687-FBCC-41A0-BFE6-823BAE45FB92"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*","matchCriteriaId":"2350A197-193F-4B22-80E8-3275C97C78EE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*","matchCriteriaId":"734C7A7E-ACCA-4B34-BF38-0FAED988CC6A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*","matchCriteriaId":"4D9ABAFC-B3B5-449D-A48E-2E978563EDE7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*","matchCriteriaId":"99019EA0-6576-4CE7-B60A-975D418AA917"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*","matchCriteriaId":"8E846AEF-751D-40AD-84B5-EFDC9CF23E2F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*","matchCriteriaId":"EB9DD909-B2AC-46BA-B057-D239D0773CAD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*","matchCriteriaId":"54F5C355-FDFC-4E71-93AA-218389EF10E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*","matchCriteriaId":"B0A1CA1E-971D-4F67-864E-2E772C1E736B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*","matchCriteriaId":"1B5F8391-D974-49AC-8550-ADB3FA6C0535"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*","matchCriteriaId":"8302BF58-9E54-40DA-BCFE-59CA52C460D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*","matchCriteriaId":"ECCDE9EF-037B-4650-8131-4D57BE141277"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*","matchCriteriaId":"47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*","matchCriteriaId":"DB8253DA-9A04-40D6-84C1-C682B4023D4B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*","matchCriteriaId":"DAF6D175-85C3-4C72-AD9F-31B47EF43154"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*","matchCriteriaId":"7A5FC594-2092-4240-9538-235BBE236DD9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*","matchCriteriaId":"87D95F00-EA89-4FDE-991C-56636B8E0331"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*","matchCriteriaId":"32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*","matchCriteriaId":"4158561F-8270-42D1-91D8-E063CE7F5505"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*","matchCriteriaId":"FF0DEA96-0202-41EB-BDC3-24E2FC4415B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*","matchCriteriaId":"F8BACE1C-5D66-4FBC-8F86-30215A623A94"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*","matchCriteriaId":"CF707146-0D64-4F3A-AE22-956EA1CB32B6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*","matchCriteriaId":"8118C3F9-0853-4E87-9E65-86E1398B2780"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*","matchCriteriaId":"1A298501-C4D7-48D4-90F9-15AFA59DED48"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*","matchCriteriaId":"FEE1B07B-3D92-4D2D-8667-D902F002277F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*","matchCriteriaId":"8F05CB19-1059-4C4D-BFD7-9F51A22A4F97"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*","matchCriteriaId":"5588732F-7F1A-4C24-B35F-30532107FFDE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*","matchCriteriaId":"A127DD5D-426D-4F24-A8C5-DC9DAC94B91C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*","matchCriteriaId":"26EE0BBD-3982-4B0F-82F6-D58E077C75DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*","matchCriteriaId":"FAEEC918-EA25-4B38-B5C3-85899D3EBE6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*","matchCriteriaId":"813965F4-3BDA-4478-8E6A-0FD52723B764"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*","matchCriteriaId":"2C5EA2F4-F3EF-4305-B1A1-92F636ED688F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*","matchCriteriaId":"04384319-EE8C-45B4-8BDD-414502E7C02D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*","matchCriteriaId":"C52528CE-4F31-4E5F-8255-E576B20F3043"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*","matchCriteriaId":"A6C3F422-F865-4160-AA24-1DAFAE63729C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*","matchCriteriaId":"5D034E7F-4D17-49D7-BDB2-90CB4C709B30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*","matchCriteriaId":"3C18E6B4-E947-403B-80FB-7095420D482B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*","matchCriteriaId":"2814CC9F-E027-4C5A-93AF-84EA445E6C12"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*","matchCriteriaId":"24A470C3-AAAA-4A6E-B738-FEB69DB78B9D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*","matchCriteriaId":"A1236944-4942-40E4-9BA1-029FEAE94BBC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*","matchCriteriaId":"086CAB4B-A10A-4165-BC33-33CADCD23C0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*","matchCriteriaId":"B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*","matchCriteriaId":"AAFB6B30-BFB0-4397-9E16-37D1A772E639"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*","matchCriteriaId":"DFCB9D7B-7D0A-435D-8499-C16BE09E19FB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*","matchCriteriaId":"64277594-9713-436B-8056-542CFA9F4CFC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*","matchCriteriaId":"589BB170-7CBA-4F28-99E3-9242B62E2918"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*","matchCriteriaId":"91B9C4D9-DA09-4377-9DCD-225857BD9FA7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*","matchCriteriaId":"03D0265F-840B-45A1-90BD-9ED8846A9F63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*","matchCriteriaId":"74BAC0EC-2B38-4553-A399-4BD5483C4753"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*","matchCriteriaId":"4477EBA6-F0A7-452B-96E8-BA788370CCA8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*","matchCriteriaId":"1285D817-B5B8-4940-925D-FCDD24810AE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*","matchCriteriaId":"D289F7B4-27CD-4433-BB45-06AF98A59B7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*","matchCriteriaId":"00168903-6012-4414-87D1-2EE52AA6D78E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*","matchCriteriaId":"6AE8D524-577E-4994-8A4B-D15022C84D7F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*","matchCriteriaId":"75977B0B-C44D-43BC-8D7A-AF966CDB1901"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*","matchCriteriaId":"AE7F5D52-9F41-49A4-B941-E0D777203FF7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*","matchCriteriaId":"52B5B3FD-5BEA-4DE8-B010-55FED1547167"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*","matchCriteriaId":"167B1B04-5823-4038-A019-3975A3B447C9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*","matchCriteriaId":"F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*","matchCriteriaId":"1BA096E0-5480-47CB-822B-D11D7E20F69F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*","matchCriteriaId":"30357469-0B8F-4385-A282-2F50181EA442"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*","matchCriteriaId":"3BE70772-7796-4594-880A-6AAD046E4D8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*","matchCriteriaId":"1A9E2F8D-2974-4833-9EC2-233CEE257C26"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*","matchCriteriaId":"17EE3078-454F-48F8-B201-3847DB40D5C4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*","matchCriteriaId":"EE32C500-55C2-41A7-8621-14EBF793BF11"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*","matchCriteriaId":"52D3DF52-501A-4656-98F1-8DD51D04F31F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*","matchCriteriaId":"3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*","matchCriteriaId":"09578301-CF39-4C24-951A-535743E277EF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*","matchCriteriaId":"1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*","matchCriteriaId":"5A65F303-96C8-4884-8D6F-F439B86BA30C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*","matchCriteriaId":"1E046105-9DF5-425F-A97E-16081D54613C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*","matchCriteriaId":"B2987BCF-39E6-49B6-8DEE-963A38F12B07"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*","matchCriteriaId":"7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*","matchCriteriaId":"5AD92AD8-033A-4AAD-91E5-CB446CCE9732"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*","matchCriteriaId":"77E0E73A-F1B4-4E70-B9F1-EE97785B8891"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*","matchCriteriaId":"61D6E3CC-79B1-4995-9A76-41683C7F254A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*","matchCriteriaId":"F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*","matchCriteriaId":"6FE5773D-3CD1-4E63-8983-E0105C46D185"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*","matchCriteriaId":"2A7C307A-6576-4A0A-8F4E-0981C9EE2901"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*","matchCriteriaId":"18B3A53B-902C-46A5-8CE7-B55102703278"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*","matchCriteriaId":"AB843479-729A-4E58-8027-0FC586F051AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*","matchCriteriaId":"1AF5A233-1E77-49FD-AC2C-60D185481E28"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*","matchCriteriaId":"18519CF2-B0DA-42DD-8A3E-9084298C210A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*","matchCriteriaId":"329D5FCF-7EC5-4471-906B-3619A180BD52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*","matchCriteriaId":"0DD43EAA-F3A5-4748-9187-A6E6707ACD11"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*","matchCriteriaId":"C6F3C14D-4BFC-4205-8781-95E6B28C83C1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*","matchCriteriaId":"20942AD8-ADB7-4A50-BDBE-DB36249F4F52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*","matchCriteriaId":"1EC6ED02-134B-4322-AB72-75A0AB22701E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*","matchCriteriaId":"6FA74EEE-54CC-4F80-B1D3-99F7771335ED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*","matchCriteriaId":"B6B859F7-0373-4ADD-92B3-0FAB42FCF23C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*","matchCriteriaId":"AAC76F31-00A5-4719-AA50-92F773919B3C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*","matchCriteriaId":"49996F5A-51B2-4D4E-AE04-E98E093A76CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*","matchCriteriaId":"9F8406B0-D1E5-4633-B17E-53DC99FE7622"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*","matchCriteriaId":"3D49435C-7C33-454B-9F43-9C10F28A28A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*","matchCriteriaId":"D17E1A0F-1150-4899-81BC-BE84E4EF5FA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*","matchCriteriaId":"EADD98AE-BAB0-440D-AB9F-2D76BE5109E2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*","matchCriteriaId":"ED44A404-8548-4EDC-8928-4094D05A6A38"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*","matchCriteriaId":"3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*","matchCriteriaId":"D2AAD8F0-0D31-4806-8A88-A30E5BE43630"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*","matchCriteriaId":"8164EE5F-6ABA-4365-8718-2F98C2E57A0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*","matchCriteriaId":"C7110AF9-A407-4EE2-9C46-E5F1E3638E9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*","matchCriteriaId":"2A06696D-37F0-427D-BFC5-1606E7441C31"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*","matchCriteriaId":"E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*","matchCriteriaId":"68A76015-0A05-4EC7-B136-DC13B55D881F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*","matchCriteriaId":"C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*","matchCriteriaId":"54464F6C-9B2D-46BA-AC44-506389F3EE0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*","matchCriteriaId":"8FA11017-EA58-45EE-8408-FCCCF7183643"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*","matchCriteriaId":"8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*","matchCriteriaId":"442AD778-D56F-4C30-BBF8-749D6AAC4737"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*","matchCriteriaId":"AF7D3F31-AF4D-4C50-8590-A763AAC7AF07"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*","matchCriteriaId":"445BFC2E-38FA-4130-8550-0866EC4EDA33"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*","matchCriteriaId":"A6DC2746-CE41-40C9-8CFA-23231BBCAE77"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*","matchCriteriaId":"3C3A8976-5E4D-490A-A87D-A47D1B2B903C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*","matchCriteriaId":"0C8535E6-220E-4747-8992-45B6EAFC555C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*","matchCriteriaId":"C7479B49-F484-4DF2-86CB-E52EE89FA238"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*","matchCriteriaId":"B6D68512-746D-4E95-857B-13A0B6313C5E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*","matchCriteriaId":"4312BA84-F9A0-4BD4-8438-058E1E7D6C0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*","matchCriteriaId":"60E52DF5-C713-4BC4-B587-FF6BDA8509CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*","matchCriteriaId":"304ADCAC-9E49-42BD-BC92-58D9B2AD52E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*","matchCriteriaId":"2AB02172-B9A7-4801-88F2-98BF5843184A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*","matchCriteriaId":"5141380E-BD18-47C1-A84C-384BA821773D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*","matchCriteriaId":"1AE6C49E-2359-4E44-9979-7D34F8460E35"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*","matchCriteriaId":"C004B75F-37AF-4E61-98F3-1B09A7062DDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*","matchCriteriaId":"F7126D19-C6D9-43CB-8809-647B1A20E7DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*","matchCriteriaId":"9CC98503-A80A-4114-8BF2-E016659BE84E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*","matchCriteriaId":"01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*","matchCriteriaId":"3821412D-B010-49C4-A7B4-6C5FB6C603B1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*","matchCriteriaId":"A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*","matchCriteriaId":"5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*","matchCriteriaId":"6AD5B51A-AEA0-4DA2-BA60-94A2D5605352"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*","matchCriteriaId":"F96C6CA0-434D-428F-B629-A971C2937628"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*","matchCriteriaId":"301AB72A-A6F2-42C8-A931-94EF2271443F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*","matchCriteriaId":"59414B5A-05B8-49AF-A197-2A31729DDB65"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*","matchCriteriaId":"0BFDD380-692F-41D7-996F-F97FC74DC7CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*","matchCriteriaId":"49602828-2BFC-4571-9F05-6210FD263DF2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*","matchCriteriaId":"87E03978-E16D-4A9B-8AE7-9F4F1171C14A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*","matchCriteriaId":"03096A9A-5758-47E6-81E2-BCFE847C41F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*","matchCriteriaId":"150CC865-7975-45EC-BFF7-A94146442BA8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*","matchCriteriaId":"C8FA1308-589B-432B-80F9-9A499D083ED5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*","matchCriteriaId":"6ED2453E-30E1-4620-BEC5-21B0083449E2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*","matchCriteriaId":"0FE8DD05-D700-4F89-9B01-D489029DF7A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*","matchCriteriaId":"050957CA-6191-4F9F-9D07-48B342B3B1B8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*","matchCriteriaId":"DACBF998-8B11-45C7-9017-486AED4FAE6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*","matchCriteriaId":"C9F2F3C4-FC94-414A-A208-913A43D57D75"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*","matchCriteriaId":"641152EC-F4B4-4E5E-B396-AC4CAAB805BF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*","matchCriteriaId":"4911E332-B8BA-4336-A448-3F70D2BBB147"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*","matchCriteriaId":"330EC403-3174-4543-9BBE-CEC0ABC1575D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*","matchCriteriaId":"5EF585D0-507E-491E-9C3B-78EE26F2F070"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*","matchCriteriaId":"DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*","matchCriteriaId":"1F5D885A-85C4-4A11-B061-61EFF6B6E329"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*","matchCriteriaId":"0502B59F-933C-4E25-A2EC-9296B197E139"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*","matchCriteriaId":"99D9C0A9-2DFF-4760-8FED-AC2DA7968E51"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*","matchCriteriaId":"B5A1BAEC-18BF-4607-BFB7-48102E75186A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*","matchCriteriaId":"D49ED138-F42D-4451-A350-0B2DD5AB9444"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*","matchCriteriaId":"5ED91472-90FC-4AC8-96D5-1550A8502411"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*","matchCriteriaId":"57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*","matchCriteriaId":"2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*","matchCriteriaId":"2784E2AF-A5E5-4960-830C-B3EFB84043D0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*","matchCriteriaId":"9112FA50-5527-4B20-80F5-2DE9E66D09F6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*","matchCriteriaId":"73CE4E2E-B2BF-409E-B18C-D67DA810FE9B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*","matchCriteriaId":"E2B84D67-0B1D-4B74-BC85-AF8F933D8429"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*","matchCriteriaId":"BCA05A18-1523-4EED-9D2E-0A258A33F24F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*","matchCriteriaId":"C34E70EB-92F0-43F6-8883-FE422BE1A3FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*","matchCriteriaId":"78D301F1-20C2-4756-9A90-37F14835CE14"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*","matchCriteriaId":"B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*","matchCriteriaId":"BA63B803-4D48-42E8-A793-F92ABCB8BFC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*","matchCriteriaId":"129DB9CB-E878-4856-A954-15FFE1428636"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*","matchCriteriaId":"730DB4AA-FD7D-40C6-8D7F-19937832EF9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*","matchCriteriaId":"07E86978-4820-422A-8C7C-FF0697DAED05"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*","matchCriteriaId":"8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*","matchCriteriaId":"AF813AD9-D296-4915-861C-8DE929E45FE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*","matchCriteriaId":"04A65469-083F-40B5-86C5-A2EAE5B2F00A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*","matchCriteriaId":"8F1AA82E-BD86-40F5-B417-71DF6AF53A37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*","matchCriteriaId":"B71A6DB0-5EB0-4712-8480-CF427F521D33"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*","matchCriteriaId":"8223D5A1-ADF1-43C6-AF91-EE5C413BCB37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*","matchCriteriaId":"4DD69605-F52B-4623-921A-983A5A408ECA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*","matchCriteriaId":"B1D5685F-6FFE-4A6A-9FF8-940C8DA36499"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*","matchCriteriaId":"B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*","matchCriteriaId":"3832D0A6-419D-4876-B5C4-920578F713F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*","matchCriteriaId":"E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*","matchCriteriaId":"404E38E6-9EB3-41D0-97A7-DC579688BFB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*","matchCriteriaId":"40E4A921-AB28-47B7-B5A3-EB82193D15BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*","matchCriteriaId":"B0357E48-2300-47B4-B9E5-9FE813A2FC09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*","matchCriteriaId":"96CC28B6-57D1-4919-AA55-A262CC16AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*","matchCriteriaId":"0EB4C54D-1265-425A-B507-E1099844875A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*","matchCriteriaId":"97362147-3A71-430D-9064-4435D45C3B8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*","matchCriteriaId":"89212CF3-4E99-4389-94CE-F4211DDCA01B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*","matchCriteriaId":"FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*","matchCriteriaId":"611C0A0A-1FA3-42F9-82E8-BFCB71A077DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*","matchCriteriaId":"36F027D9-DCB4-4A3D-8987-41F2941DBD45"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*","matchCriteriaId":"E23BCEC9-2BFB-4B41-9A7A-18B1347C6202"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*","matchCriteriaId":"4924CE39-A846-4DB4-9547-6322FC5AD6B3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*","matchCriteriaId":"6C9E2C9A-94A1-456B-90D5-54932DF64C22"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*","matchCriteriaId":"AC04C652-B2D8-4002-A50E-8AFE83204A25"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*","matchCriteriaId":"10D413F0-CDBC-4A63-B9A7-9E7725BA1E83"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*","matchCriteriaId":"754A8826-59F7-4A71-B74B-737BE9C7DE4F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*","matchCriteriaId":"FADB6BDA-6825-489B-AB39-7729BA45DFD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*","matchCriteriaId":"7913F57E-E600-4767-AF51-D045E1898E72"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*","matchCriteriaId":"BD3783F4-5A05-45AA-9791-A681011FD78C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*","matchCriteriaId":"01E3114D-31D2-4DBF-A664-F4049D8B6266"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*","matchCriteriaId":"D8EE6578-981D-470C-BB24-4960B3CB1478"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*","matchCriteriaId":"E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*","matchCriteriaId":"7EE59839-8EB9-47FE-88E2-F0D54BE787A2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*","matchCriteriaId":"75694A3D-080A-4AA7-97DF-5A5833C9D9F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*","matchCriteriaId":"19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*","matchCriteriaId":"6E996176-3DEA-46E6-93B7-9C0DF32B59D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*","matchCriteriaId":"4417007D-126A-478B-87EA-039D088A4515"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*","matchCriteriaId":"F78C2825-F6A3-4188-9D25-59EAEC8A7B0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*","matchCriteriaId":"EF2FA85D-B117-410D-B247-8C5A3479319A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*","matchCriteriaId":"3A041D27-132C-4B15-976F-1750C039A89F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*","matchCriteriaId":"5D495E06-BF2B-4C5A-881D-94C93CD2BA2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*","matchCriteriaId":"7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*","matchCriteriaId":"088BC395-06D5-4156-85EB-63C4A9552898"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*","matchCriteriaId":"33A220A2-A6D2-46A7-B168-607400EEDCE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*","matchCriteriaId":"1E79232F-7196-440B-82D4-165885251232"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*","matchCriteriaId":"ED866954-77AB-4CA8-8AED-4252C595FC4D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*","matchCriteriaId":"28A1F516-B180-45D4-8EB1-754B7497CB2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*","matchCriteriaId":"36758A04-64D3-4150-A004-CF042FA31CD9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*","matchCriteriaId":"1E01752E-F1DD-400A-A917-216CAF15B0F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*","matchCriteriaId":"AD47EC58-F776-4F59-8F15-4B208904CF4B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*","matchCriteriaId":"2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*","matchCriteriaId":"94565E35-8A58-4CB6-A489-C796DCB97FC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*","matchCriteriaId":"49964D35-5323-4412-BD54-661630F9A8CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*","matchCriteriaId":"F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*","matchCriteriaId":"A0F66468-87D0-41FC-934B-5924BE2956CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*","matchCriteriaId":"3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*","matchCriteriaId":"45C0D99E-443E-4AB1-A07A-900A09FE177E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*","matchCriteriaId":"C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*","matchCriteriaId":"A9DAEE52-09C3-4A09-9958-9D6807B2700B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*","matchCriteriaId":"B97690D4-E814-4D40-B170-BE56D7AE2C1B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*","matchCriteriaId":"89804F2C-D32D-4444-ABEA-5B241153D096"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*","matchCriteriaId":"2AAAAF9C-B29B-4020-BAFF-C87B1A08294A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*","matchCriteriaId":"ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*","matchCriteriaId":"EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*","matchCriteriaId":"7C27B318-2AC1-423D-B0C8-583BB1800D5A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*","matchCriteriaId":"9E58E3D0-1154-4B13-BA16-67CE67DF0637"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*","matchCriteriaId":"32D2ACB3-B906-4944-A021-03C4645965BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*","matchCriteriaId":"8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*","matchCriteriaId":"8E1A41BA-A1D6-484A-BAD2-68DF85598354"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*","matchCriteriaId":"11260C9D-69A9-4D81-9CCF-2E116DD75F7C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*","matchCriteriaId":"1C020F06-FD27-46E3-A48F-3F60F33BB969"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*","matchCriteriaId":"03C74F10-6A7F-4F68-8A34-E981E1760DE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*","matchCriteriaId":"24741B98-8D0E-4307-AAEF-A14B2531DCA9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*","matchCriteriaId":"8D4FA4BA-4304-4A70-9F86-120F2A3D8148"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*","matchCriteriaId":"367FC8BA-F046-4264-A049-49E933E7698F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*","matchCriteriaId":"DE9B68D3-1DFB-4468-85C4-AC13E6CBC111"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*","matchCriteriaId":"C966A016-B650-44D9-B8C4-1ED50AB318DA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*","matchCriteriaId":"DC448FF0-6D3F-4609-864B-4191905EE2B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*","matchCriteriaId":"0FC246FE-4CA6-4B2D-83C3-D50A386C24A0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*","matchCriteriaId":"758A14DB-1BAF-442A-BA7C-5E9C67847BEA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*","matchCriteriaId":"61309100-CFA7-4607-A236-8910838AA057"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*","matchCriteriaId":"82D76265-7BD0-4C51-AE77-22B22524DE81"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*","matchCriteriaId":"DE38B195-BB8D-4747-881D-E8033760B4C8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*","matchCriteriaId":"1AA8BE76-168D-48A3-8DF6-E91F44600408"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*","matchCriteriaId":"3B656975-5D71-4712-9820-BDB7BC248AFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*","matchCriteriaId":"FA045267-114D-4587-B6D7-E273C28DC9B1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*","matchCriteriaId":"77018415-E122-406E-896D-1BC6CF790BE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*","matchCriteriaId":"3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*","matchCriteriaId":"D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*","matchCriteriaId":"7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*","matchCriteriaId":"F4E1C012-3E05-44DB-B6D2-BFD619C034B4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*","matchCriteriaId":"15D689D6-8594-42F2-8EEF-DCAEBA885A67"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*","matchCriteriaId":"A6446000-0494-4DC5-ABAA-F20A44546068"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*","matchCriteriaId":"99B94EEC-6690-45D0-B086-F4A5B25C25CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*","matchCriteriaId":"8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*","matchCriteriaId":"832AB3CD-E3A1-4CCB-A210-287973563D0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*","matchCriteriaId":"5A26C0CC-68AD-40F5-96B8-87E6C643F6F8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*","matchCriteriaId":"99C4221A-9994-43B3-9C7A-E13815A50A10"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*","matchCriteriaId":"20070B1D-B91C-40BA-A9D8-E80170A2933F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*","matchCriteriaId":"A70129C9-371F-4542-A388-C095869E593A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*","matchCriteriaId":"6C4DE25F-168A-4C67-8B66-09F61F072BD4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*","matchCriteriaId":"58157F24-D89E-4552-8CE6-2F01E98BD1E5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*","matchCriteriaId":"BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*","matchCriteriaId":"45ACBBEA-EC95-4F3E-B585-893DB6D21A0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*","matchCriteriaId":"7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*","matchCriteriaId":"A6A5EC79-1B21-4BB3-8791-73507BC8D4DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*","matchCriteriaId":"FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*","matchCriteriaId":"E0387587-AAB6-4284-8516-4DA3E3582D30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*","matchCriteriaId":"A238C975-9196-449F-9C15-ABB2E9FD1D06"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*","matchCriteriaId":"6F17F4A5-120B-4E00-97C8-8A85841ACBC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*","matchCriteriaId":"2537F047-64C9-4E73-B82C-310253184183"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*","matchCriteriaId":"3A55857C-649D-46CE-AEDA-6E553E554FC1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*","matchCriteriaId":"7BA4892D-AFDF-4441-821E-5EBF7F64C9F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*","matchCriteriaId":"327E06A3-7F0E-4498-8811-10C8D15398FE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*","matchCriteriaId":"1624E6D6-858E-4085-B0B9-362B819EFD88"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*","matchCriteriaId":"50D61F4A-40F0-477C-8326-7359D3626E77"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*","matchCriteriaId":"1455B4DE-7F1C-4CF2-AE02-2EDD20025D62"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*","matchCriteriaId":"5B215788-860B-46CD-9A08-43AFF98FAEAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*","matchCriteriaId":"2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*","matchCriteriaId":"E4EB132B-000C-4A17-AFB3-19F40A73D2CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*","matchCriteriaId":"5C4815AE-B635-4545-83C2-5EC4E0128337"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*","matchCriteriaId":"C0046C06-E3E6-4674-A4D1-332DD29D9552"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*","matchCriteriaId":"2C191851-3DC3-41C7-AD89-81F091CCC83A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*","matchCriteriaId":"21126922-8E81-47F4-82D4-CBCDDACEC4FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*","matchCriteriaId":"209E18B0-BBB5-4C65-B336-44340F7740DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*","matchCriteriaId":"C867C0B8-91A4-482A-B7DD-54AB9599AE52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*","matchCriteriaId":"30F03843-8A51-4CE1-BE6C-994BDE3A8F97"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*","matchCriteriaId":"09854948-2657-4261-A32A-0523058F072E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*","matchCriteriaId":"D13904A5-266D-481C-A42A-734C3823A238"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*","matchCriteriaId":"ACC82FCB-0541-45C4-8B7E-CB612D7F702A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*","matchCriteriaId":"6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*","matchCriteriaId":"0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*","matchCriteriaId":"501E9355-0CDD-4951-BCC3-47962788BCCB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*","matchCriteriaId":"B3D976D9-62F0-43C3-8359-E51E26B6CD87"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*","matchCriteriaId":"02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*","matchCriteriaId":"64ADE9AF-196F-4E0B-BC66-7DE0183F9032"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*","matchCriteriaId":"C90CCA48-1705-4564-AAF9-271201BD5113"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*","matchCriteriaId":"0B82BAFF-17F5-465C-8032-67D5ECAB2921"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*","matchCriteriaId":"1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*","matchCriteriaId":"F831371E-7437-48D7-8281-1F406215041B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*","matchCriteriaId":"BC4F06B5-615A-464A-A0C4-7AABEE8530CD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*","matchCriteriaId":"92AF503A-A2B1-4FC3-858B-264049ADF0F8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*","matchCriteriaId":"E702C7EC-B1D9-4BDF-B334-2004CD76B52B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*","matchCriteriaId":"E39F31D6-DC4B-46FE-BE5D-EA612D915A96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*","matchCriteriaId":"51CB8036-5F36-4CD4-9B3E-D2401F2E64F6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*","matchCriteriaId":"F9849BA3-3990-4E30-B99B-ADD043314CDA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*","matchCriteriaId":"A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*","matchCriteriaId":"7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*","matchCriteriaId":"A0A22E92-1EA7-45D9-AC86-EC3D9664C294"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*","matchCriteriaId":"D7FA2911-6561-47BF-BEE8-DDA31642C346"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*","matchCriteriaId":"1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*","matchCriteriaId":"0F829DED-4D92-401A-BD80-C070DE57FC7C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*","matchCriteriaId":"F560575C-FD8E-485D-B50A-572604BBE903"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*","matchCriteriaId":"6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*","matchCriteriaId":"1A38D00A-B9DC-44DF-8247-70355FF9A6EF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*","matchCriteriaId":"381EFC43-D5D9-4D10-90BE-4C333A9BA074"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*","matchCriteriaId":"CBEDED18-2755-4C55-A1A1-04B4D5F40276"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*","matchCriteriaId":"F04B57EC-0731-40C8-939F-1C686A65A0FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*","matchCriteriaId":"2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*","matchCriteriaId":"CE1D28F9-B135-441B-A9BF-792DD356E374"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*","matchCriteriaId":"4D01CE3E-5C89-4FC0-9097-CAC483ACD441"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*","matchCriteriaId":"7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*","matchCriteriaId":"8F52334F-BE6A-4FD4-9F63-AE9BB017115B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*","matchCriteriaId":"C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*","matchCriteriaId":"2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*","matchCriteriaId":"707F6671-57AC-4DF4-8024-444502E5C92E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*","matchCriteriaId":"3C1FCE07-F9E8-4B14-95CE-01784D472128"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*","matchCriteriaId":"C208711F-FC06-46C8-8849-27054DC1B264"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*","matchCriteriaId":"25AB8041-F201-4BB3-AAD9-199B06697DF3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*","matchCriteriaId":"D75C474C-D5EF-42D6-9B2A-A504BEFCB982"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*","matchCriteriaId":"1F566CD3-3649-492B-B0AB-A107E51675B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*","matchCriteriaId":"BB9F3D74-AE72-4FC5-83E9-890781AF3093"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*","matchCriteriaId":"0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*","matchCriteriaId":"DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*","matchCriteriaId":"C69918C6-7AAD-4AA5-AB72-C275367B1008"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*","matchCriteriaId":"06155B0B-A5AD-4A82-8C02-D264981687A6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*","matchCriteriaId":"F76C19A4-FA26-432A-9443-9F92B2A946EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*","matchCriteriaId":"99BEE9BE-E49A-489B-B333-95D0993F8FA3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*","matchCriteriaId":"7427A678-EC47-4030-B905-619DD95F5A82"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*","matchCriteriaId":"86749716-1C9F-4C2A-B2A7-E62DEC10EA30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*","matchCriteriaId":"FD000B53-06DA-4ED4-B0EE-9CB201B75C8D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*","matchCriteriaId":"A8424463-C329-4BAA-8AA1-25CD8B63292E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*","matchCriteriaId":"52727E62-0048-4C56-BC8C-B3450D257B21"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*","matchCriteriaId":"9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*","matchCriteriaId":"FAA34B50-2330-4D77-BF1A-6F05F3EF222C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*","matchCriteriaId":"F6421F69-1076-43D2-B273-DE80FB2D5F72"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*","matchCriteriaId":"C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*","matchCriteriaId":"9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*","matchCriteriaId":"7E611EDD-D44C-4311-B681-431D7C574528"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*","matchCriteriaId":"C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*","matchCriteriaId":"1886D007-85B6-4E5A-968D-A1FD476A08A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*","matchCriteriaId":"BDDDCB65-4404-49BC-9515-ECECD58A667F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*","matchCriteriaId":"1B8D3E00-64C3-407A-9B00-8B6E383F73FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*","matchCriteriaId":"CB1B00A1-9C15-47C2-9F57-66586DEACC7D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*","matchCriteriaId":"CB5BF932-459F-4DD2-B160-5FE0371C7D83"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*","matchCriteriaId":"A58ACE96-F1BE-4261-8F94-FC3C6E7C7561"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*","matchCriteriaId":"783D6EA7-C016-4314-A87B-4FED1DC7114B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*","matchCriteriaId":"7AD0176F-FFAE-4A85-9327-CE72FE059E90"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*","matchCriteriaId":"A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*","matchCriteriaId":"26D4CE1F-86C8-4E48-9146-9DB57BF540FB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*","matchCriteriaId":"CB7F9D65-5537-4C25-B02B-2393F60D1299"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*","matchCriteriaId":"F09C8A92-820D-4572-A797-180E17A7DEB6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*","matchCriteriaId":"CA7D77A2-0D9A-4D0D-B0DC-152757917BE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*","matchCriteriaId":"A07D3F1A-16CE-461F-A2F4-80FE5F841CB3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*","matchCriteriaId":"0C04557A-C508-4FAD-A535-1C0AEFF08075"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*","matchCriteriaId":"6AFAE489-6679-4705-BF9C-BB6D385A1DC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*","matchCriteriaId":"429A99C8-BC55-4887-893C-7124C1A5DB08"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*","matchCriteriaId":"E3A2B709-CC19-4116-A5BE-5DB5C8B45A12"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*","matchCriteriaId":"D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*","matchCriteriaId":"6F1F1377-6220-43FB-BEF9-BAA7B0158147"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*","matchCriteriaId":"18422CA8-3000-46B1-9065-2369E6B0BE16"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*","matchCriteriaId":"5D558C66-E80E-4FC7-A0DF-485466390C46"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*","matchCriteriaId":"E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*","matchCriteriaId":"860F22F6-4C87-47C5-965E-02A1AFF41A72"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*","matchCriteriaId":"19A2CA86-BFA8-4C78-987D-AD26F32622F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*","matchCriteriaId":"EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*","matchCriteriaId":"425F6D34-EE60-464B-8EA6-8116EDAA1219"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*","matchCriteriaId":"CEB9F657-1239-4424-A2E8-F8BD98C0095E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*","matchCriteriaId":"F631403C-0A67-42CB-815C-133EB87E0C95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*","matchCriteriaId":"6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*","matchCriteriaId":"0453C0EA-BA67-49D5-964F-35493F97D905"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*","matchCriteriaId":"4D4D237E-ACB7-4382-AF5B-D27E634BF867"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*","matchCriteriaId":"B5461EB2-2958-4923-86AF-C74D449120B5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*","matchCriteriaId":"45C22141-E698-4E38-AF50-9CE04C1168FE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*","matchCriteriaId":"49D0E470-427D-4A68-AFD2-982A4F7CE2D7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*","matchCriteriaId":"43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*","matchCriteriaId":"713C4B7A-C38A-4818-A258-D07DEDEC906E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*","matchCriteriaId":"C59740BE-FC30-4400-B978-1DB41282971C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*","matchCriteriaId":"839728F0-5F23-462F-B493-C37EE4C874F9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*","matchCriteriaId":"6F1B47DA-BA53-4D7A-9B5B-582238D5E99A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*","matchCriteriaId":"D452F1BF-1FA5-463C-8F13-6357509FB5D1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*","matchCriteriaId":"EF6D1F4C-B396-468C-BA32-9367A68C95DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*","matchCriteriaId":"B76A812F-D77A-49C8-B7A5-0C08258D4BBD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*","matchCriteriaId":"6E001AAB-07EC-47BF-BDE9-BB927872781D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*","matchCriteriaId":"D1DF11F5-61E8-4A98-86C8-49D6B3224FCC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*","matchCriteriaId":"AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*","matchCriteriaId":"D024802A-EA60-4D9B-B04C-027A0703EABD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*","matchCriteriaId":"BA731F3C-1F04-4EE2-83EC-9486F5032903"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*","matchCriteriaId":"544A59F6-E731-43C8-8455-69256933E71D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*","matchCriteriaId":"624258EE-7FFF-4432-9B6D-4D60AA73CD9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*","matchCriteriaId":"69A2701A-35A8-4268-B9CF-40BA3219373B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*","matchCriteriaId":"15E671F6-8DED-4735-BE97-58A60E5B5C13"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*","matchCriteriaId":"3FC68B2A-8570-4311-BB60-49DBBDAF7430"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*","matchCriteriaId":"9826FA02-937E-4323-B9D5-8AE059ADBE95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*","matchCriteriaId":"9B8630BB-48AA-4688-A6F0-212C1BB4D14C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*","matchCriteriaId":"9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*","matchCriteriaId":"A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*","matchCriteriaId":"326105AC-3926-437E-8AFF-916960107050"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*","matchCriteriaId":"866E1275-7541-4B80-8FDF-53246A204C15"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*","matchCriteriaId":"E190929D-D3CC-46E1-A903-0848829061DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*","matchCriteriaId":"81E4EBCB-B660-4F6A-AD73-81B9D8964162"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*","matchCriteriaId":"55D58CC5-CB46-464D-93B8-6AD5A19AF097"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*","matchCriteriaId":"16541D3E-EBBD-4D92-96D8-F169733377AE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*","matchCriteriaId":"3F08D257-F570-4D39-A6E8-0F60E55472E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*","matchCriteriaId":"C20ED667-2BFB-41C7-82BA-9F0C0044DA08"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*","matchCriteriaId":"6158ED8A-007E-48B7-99BF-8BA03BF584BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*","matchCriteriaId":"DBA7096A-F321-49A0-911A-F9683ABE6E6A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*","matchCriteriaId":"6A471395-7F8F-4BA5-962D-4D8F271FAB47"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*","matchCriteriaId":"B9484380-92B9-44DB-8E20-DC8DE02D1CA6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*","matchCriteriaId":"8010808D-805D-4CA3-9EA2-55EB1E57964C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*","matchCriteriaId":"9716FE9F-A056-42A3-A241-F2FE37A6386A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*","matchCriteriaId":"F73422A3-ECA0-4C41-9AA5-CF7D77885CF6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*","matchCriteriaId":"7A96A5AF-C9EF-4DED-AE25-4540A2B02915"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*","matchCriteriaId":"D5115B12-053A-4866-A833-D6EC88D8F93E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*","matchCriteriaId":"C5619D4D-9685-4595-8A5F-A18273FE4213"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*","matchCriteriaId":"B77E00E7-0EA4-4E32-A693-0E0F66BA4C57"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*","matchCriteriaId":"DAA3457E-7E1A-4878-9752-79382E954A66"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*","matchCriteriaId":"68630C63-4457-4E12-B7BD-AD456B237FC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*","matchCriteriaId":"F6FB5695-2950-4CEC-81B4-FD280F835330"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*","matchCriteriaId":"9F340AF8-508F-449D-9AFA-4E55F069B4F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*","matchCriteriaId":"E944410E-D674-4141-B50C-9F55090325FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*","matchCriteriaId":"A6438E07-0AC0-4BF9-B0F2-9072CA9639D6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*","matchCriteriaId":"5079AA70-C864-4AE2-809C-52B50632F2B3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*","matchCriteriaId":"5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*","matchCriteriaId":"6A86291B-C986-4320-BCEF-9F5AD8B309D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*","matchCriteriaId":"1227659F-1393-4189-978B-CC3DC53BF407"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*","matchCriteriaId":"4C2DB843-638F-41EF-B486-409318AA2DE9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*","matchCriteriaId":"A0004D8A-A186-4DA2-A7AB-18A6456438FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*","matchCriteriaId":"75B6BE9F-F113-4976-951D-53F2E183A95A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*","matchCriteriaId":"DEB005F1-9719-4985-B9D9-2140C962ADD1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*","matchCriteriaId":"A94D0C1B-F30F-4724-915E-192C53FAE58A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*","matchCriteriaId":"3F247860-1D2C-415C-AFBD-26BD875AAF02"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*","matchCriteriaId":"9697EDCD-A742-4AC6-876E-1080AD684207"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*","matchCriteriaId":"6E73924A-875B-44D0-8F7C-A822B0488126"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*","matchCriteriaId":"03751B92-EE07-4F16-A476-BD25561810BC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*","matchCriteriaId":"A3A630E1-6CAE-4809-AB18-5002F158AE90"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*","matchCriteriaId":"A67750FF-EF4B-414F-8ED4-299CAF33B0DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*","matchCriteriaId":"5A82D885-82F5-4755-BC11-5899E28CEE42"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*","matchCriteriaId":"88AF1366-8A14-4741-8146-886C31D8D347"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*","matchCriteriaId":"7FD75301-E29C-47DC-B53F-DC44EA0C1885"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*","matchCriteriaId":"8C944024-BEAA-43AF-A339-FD69C75E8240"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*","matchCriteriaId":"435C69D1-3932-4379-8D18-B1E12D558325"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*","matchCriteriaId":"3572B700-73C0-41D1-95FD-FE9D5B0C1F80"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*","matchCriteriaId":"97A40DC9-0D4E-4C91-8D1B-3CED95B3952E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*","matchCriteriaId":"16FB3E4B-05F8-411A-8C86-4ACE03815553"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*","matchCriteriaId":"8E55EBC1-6F96-47CD-9503-7855EFB07240"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*","matchCriteriaId":"4208DBA1-7F85-4876-9B6C-D1B43EAAB2AD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*","matchCriteriaId":"F5ADC8E5-1CE7-4481-A9B5-61BFC6B4FF50"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*","matchCriteriaId":"A1789924-FADB-4076-8874-120B29EE6B86"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*","matchCriteriaId":"BC246667-2F6F-4024-9EAA-2CE3018235C3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*","matchCriteriaId":"B21BA7F8-D4B5-4E6B-8FCE-04BBD3501AA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*","matchCriteriaId":"1341A5D4-A5CE-4D31-A178-01C3069D7A55"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*","matchCriteriaId":"86A5C199-92E5-435C-AC40-175849285104"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*","matchCriteriaId":"67589F54-0A54-4DE7-9A47-A73DD05F7965"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*","matchCriteriaId":"DDC34C8E-1BB9-43CC-9D89-9E6DC435B7EB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*","matchCriteriaId":"8BE5163E-9BCF-4BF8-BCB9-B48C4E7E1564"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*","matchCriteriaId":"92C5DC8C-3318-440B-8B29-4827F343927B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*","matchCriteriaId":"0ECC47D8-F602-4CEA-B19A-209CE76C9D36"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*","matchCriteriaId":"7514ADD3-DECC-4CC2-9421-A609E526FDC6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*","matchCriteriaId":"6ED2EC97-8B2D-47A9-8EC7-D1E0ACBB6C52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*","matchCriteriaId":"691097C3-F91B-499B-BAEB-4E7E9C43B517"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*","matchCriteriaId":"0B3DB1ED-017B-43EF-92A3-A8A88669FBC2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*","matchCriteriaId":"19A49AAF-0F08-4151-8F74-4EF9C3415B00"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*","matchCriteriaId":"3F7A2018-BB4D-4DC1-813D-A4AA3F270893"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*","matchCriteriaId":"A95D91C4-C539-4458-A6C9-8AE17207AE30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*","matchCriteriaId":"37F9D218-8198-42C7-88FE-7C5382138324"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*","matchCriteriaId":"CF8FDD81-95EE-4241-93C8-925085A4CE7B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*","matchCriteriaId":"614D9E35-10E0-4CCB-B817-C7C8C3947BE4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*","matchCriteriaId":"F75F987E-F4DB-46FF-B048-21B4A4C07B10"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*","matchCriteriaId":"05376F2C-30B6-406D-90F7-6C2E00E85171"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*","matchCriteriaId":"CCDD3DF6-24BF-4C13-8F07-AF07327E5622"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*","matchCriteriaId":"B1520A64-2157-45D7-A135-F900798C4EB5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*","matchCriteriaId":"05A30F85-5367-4369-B7A5-176D71279FC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*","matchCriteriaId":"B8803FF9-48D7-4AB0-8A17-4590CABD0BFD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*","matchCriteriaId":"1DC63B6B-5D6D-477B-9125-007F835981B4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*","matchCriteriaId":"BF385AC9-963E-4670-95A6-BE1EBC3890B7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*","matchCriteriaId":"943FA088-2902-45A9-A1BA-D612B46A50D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*","matchCriteriaId":"8C80902D-9A6C-47D4-B56F-35C378FC0E63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*","matchCriteriaId":"1100B46C-8485-4048-BFF8-2BAB311EC04A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*","matchCriteriaId":"4B9E1646-E154-41BA-B9FA-0839A898023D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*","matchCriteriaId":"03F4C8E6-0043-41A8-94EA-EEBAA1A081E7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*","matchCriteriaId":"31C10985-CBF7-4717-A7D6-2594887D7CB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*","matchCriteriaId":"8C49886C-B6A0-4D95-8533-329FE5A66F6B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*","matchCriteriaId":"0788CF23-3FAF-44C9-9AAA-96E4818A1AEC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*","matchCriteriaId":"24AF7001-64D1-4BFB-9280-0BA0FAD97A0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*","matchCriteriaId":"8C6E420E-16DA-4FB1-9968-C93E229614FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*","matchCriteriaId":"07469E04-B3D2-41FE-A2E4-E25A977026CD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*","matchCriteriaId":"60FF402E-5E4F-414A-A3AB-149548303616"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*","matchCriteriaId":"79E2B875-A270-45C0-A1B1-041264E5B290"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*","matchCriteriaId":"8C828C8C-7ECB-4167-87A9-0F522C400C66"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*","matchCriteriaId":"0C2C887F-1EF7-468A-A6AE-440793C78DAC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*","matchCriteriaId":"6F2F3D7F-D884-4ACD-A103-060F57A9867B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*","matchCriteriaId":"BD1FCAAD-7072-45EC-9ACB-08556458BAF6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*","matchCriteriaId":"C4446224-40E8-4AD0-8197-921D3473E19B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*","matchCriteriaId":"4EA159D9-8C7F-4BE5-9093-A21C7D00F7EA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*","matchCriteriaId":"B92B68FD-771A-4401-8B1D-B1A252356F62"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*","matchCriteriaId":"1B933941-0BE3-4EEB-8FDD-2DAA63343EE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*","matchCriteriaId":"8D060EF0-B29C-4B54-86A0-FD5CFF7B80BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*","matchCriteriaId":"36F737C1-6011-42D2-9690-CA81EA0A283C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*","matchCriteriaId":"19CA7EB6-D1C9-48D9-A69A-2618800A6CE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*","matchCriteriaId":"0CA1F3E5-ED7F-4E4C-AD0D-0EEC542A9E51"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*","matchCriteriaId":"ED6E3C9B-A661-4B37-B76D-A3F7BD638D4A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*","matchCriteriaId":"56C909B0-8FB2-4220-AF93-EECB8D650CC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*","matchCriteriaId":"FF36BAD0-A762-4F84-BE0B-060FE666ED67"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*","matchCriteriaId":"007337CD-94FB-4ED9-B4A3-9E0EC52D79B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*","matchCriteriaId":"BCDFA137-F1FC-46BD-9872-D62671B1434D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*","matchCriteriaId":"2E6DBCB3-E912-43A1-914B-5C7CCFAADE25"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*","matchCriteriaId":"0FCF36E2-0B42-4F23-97D6-9E79ECCA8FAD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*","matchCriteriaId":"E2C67312-E128-4833-A91E-D7A9F96A7AD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*","matchCriteriaId":"3F19F408-FABD-4A68-8CDC-C763F0321FB1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*","matchCriteriaId":"68A06EC2-E491-4CD5-9904-61A88EBB7FD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*","matchCriteriaId":"789A8CAE-8D9E-4244-880D-FBE28EC53AED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*","matchCriteriaId":"F901EE11-D0C9-46F6-8316-D8F4F1D50260"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*","matchCriteriaId":"E549F600-B9CE-4843-A772-2DACC528903E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*","matchCriteriaId":"3F28E733-87ED-4610-A8EE-BD37BED7685B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*","matchCriteriaId":"5DB488DD-D97C-4E21-A055-E6CECBBBC34E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*","matchCriteriaId":"9DC12C97-9966-40E2-8B23-B4453EC9EA6A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*","matchCriteriaId":"2832E8BF-7AC7-444C-B297-66F770860571"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*","matchCriteriaId":"44AA72FB-E78D-419E-AA82-B0538C6504D3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*","matchCriteriaId":"687C3BF3-D71A-49AD-8A05-EAC07CBCD949"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*","matchCriteriaId":"90AF90D9-16C4-4F8A-9868-3E2823E3445C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*","matchCriteriaId":"3C063C53-8970-45B1-85F8-FB2080BF4695"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*","matchCriteriaId":"64596ED7-794A-4D23-987B-D9AD59D48EA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*","matchCriteriaId":"C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*","matchCriteriaId":"3FDA48F0-0F35-4A8F-8117-B0B28E00AB95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*","matchCriteriaId":"A561A8E8-79E2-4071-B57D-590C22EF86A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*","matchCriteriaId":"92E46658-60AB-4758-9236-3AC0E6464383"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*","matchCriteriaId":"207B8FBA-E2FF-485A-9AD9-E604AE0FB903"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*","matchCriteriaId":"33F99640-C753-40BE-A0A1-4C2D92E7DB09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*","matchCriteriaId":"6F98247B-1839-4676-855B-827A4B6C016B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FDBA35BD-1048-4B6E-96B2-1CFF615EB49A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*","matchCriteriaId":"E6CEEEE2-D6A2-4342-8A73-934093948824"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"979FEE9F-A957-43B6-BB6D-1A851D6FA11C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7AF59D-D05E-47F9-B493-B5CD6781FDDD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF7EC93-0170-45A9-86C7-5460320B2AE9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"A8A7B1C2-D2CE-485A-9376-27E14F3FA05A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*","matchCriteriaId":"B5F803AC-DCC7-43FC-BEB3-AA7984E0506C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"560993AA-299D-42B7-B77F-1BD0D2114CCB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"1C582B1C-1DAC-48FD-82DD-7334C10A2175"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*","matchCriteriaId":"D7862B0C-2C44-4110-A62A-083116129612"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"048C5996-F719-4338-B148-0DD1C13E02FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"4B9FF7FB-AB5A-4549-8C15-E69458C649E2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"1CEF6608-B650-4C77-9823-0AD57B3484F1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"4BE6A2D7-901C-45F9-B487-D674047D522E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*","matchCriteriaId":"DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"1ADCB509-5B0E-4592-8B23-EC25A3F79D41"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"FB51691F-089F-4016-B25E-238074B06C0D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"EBAAC728-6A0F-4675-9677-AAF7DD5D38ED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"7EA37503-FD3D-4220-933C-234631D6EDEF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*","matchCriteriaId":"72992831-2A76-456B-A80C-944BDD8591E4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"A79C2131-5566-4CC2-B6ED-38E3F6964500"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*","matchCriteriaId":"60BFDAA6-3DFC-4908-BC33-B05BAB462F94"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"B6266056-770A-4E2D-A4FC-F1475257648E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"929AA8F3-8BDF-4614-9806-6D4231735616"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"605D7552-8184-4B11-96FD-FE501A6C97DD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"3144BBDE-CC96-4408-AA02-ECC3BF902A34"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8BA77A-34E3-4B9E-822A-7B7A90D35790"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"E7165B43-ED22-4714-8FA4-1E201D1BFA69"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"67CFB133-FAF0-431A-9765-8A9738D6D87C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*","matchCriteriaId":"2975B0F2-DB7C-4257-985A-482ED2725883"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"70221E07-3C2E-4A82-8259-AD583EB5CDDD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"427DFD78-56CD-43C4-948E-F53AF9D669F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"75AD7649-3FEA-4971-9886-6C9312B937A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"B4EE972C-6BAE-4342-BA01-1D685487F9C3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"27CDFE3B-C064-49A9-BD43-3F7612257A74"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*","matchCriteriaId":"3BD0EEC1-D695-41A5-8CD6-9E987A547CC4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"4DBF25B8-D474-4C6B-8E45-F57DDC7074E7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"3DF18FD1-6670-4C3C-8000-A079C69D575E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"921EB5A5-F911-4FCE-A6F1-C66818B34678"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"13878C13-1C7C-4B83-AF27-4998E8F659DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*","matchCriteriaId":"023063E1-2DD7-487C-A8A7-939FAEE666A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"77255CE6-D7B7-4B48-993C-7100A1170BC6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"B40AC368-3A14-4EFF-A8D0-7EFB4C83045D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"C07E80D5-70A5-49C9-9044-D683C7ECCFF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"63668AF4-F29C-4424-8EC5-2F0A5950DD58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*","matchCriteriaId":"E86616FE-0C3F-4984-A364-8A6A9F01DAD1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"09C1C7CD-538D-4D7A-A81C-10DF5376A479"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"5922F749-2B23-44B8-8A46-F31BCAEAD279"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"2C48BBAF-6B27-43D6-B86B-40CD8E7BA056"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"D75D0EEB-707C-4C86-A569-E91E9F00BA77"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"F0FB0E20-0243-40A1-8DEF-37150791222E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"68CFF26D-8AD3-4179-9E4C-F06D7C858C9A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"7541572C-229F-4963-B7F0-06EB3323E53B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*","matchCriteriaId":"85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"479F7C77-D16F-4E40-9026-3EB8422E0401"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"04DB08C8-0018-4A8E-A206-097BDDF83B08"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"B7193E85-30BE-42D5-A26B-3F88817F3574"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"446E8515-45FC-4B8B-8D12-60643D64C07F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"EBBDF6B2-D388-4639-87D8-064AA3F6B6FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"00AAB8B6-B614-4EAA-BA90-C5326CB5D07A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"2A371DF9-E224-404F-99C2-C2A4607E62D8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"0F40E356-365D-44B7-8C38-A0C89DDD6D3E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"A3132029-89F8-4359-A0DC-A275785266A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"B02F5685-0636-48AB-B222-434CA1F3B336"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*","matchCriteriaId":"3ED4693C-DECF-4434-90C0-56158F102E7E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"BB408A6B-0842-43DA-9180-B0A299FCBCE6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"6215EBAC-7C75-4647-9970-482120897F1F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"3B1BD2B6-1AF6-4AD4-94FA-94B453A21908"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*","matchCriteriaId":"8D1FD6E8-80EC-461F-9ED1-CE5912399E80"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"E96F585E-BDEF-45EE-B0AB-94FE23753AC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*","matchCriteriaId":"3279C067-3058-4D46-A739-05404FD0E9B5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*","matchCriteriaId":"DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*","matchCriteriaId":"C0855225-F501-486A-BD03-2A86FD252B5A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*","matchCriteriaId":"214C7B0C-C438-4000-9F9B-6D83294243AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*","matchCriteriaId":"4C91AA2E-4BB2-49C8-9364-4E363DF42CB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*","matchCriteriaId":"DA26781F-5A1C-4DA5-835E-D984D697F22B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*","matchCriteriaId":"2EEA4222-F25D-4457-80AA-6D05CA918D68"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*","matchCriteriaId":"9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*","matchCriteriaId":"F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*","matchCriteriaId":"6777AC35-9D1F-4153-94AC-B25627D730E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*","matchCriteriaId":"A5F063F4-8994-4E46-BA7B-A12A112009BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*","matchCriteriaId":"4D6F2DE5-AF11-439A-8D37-30CB882ECD58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*","matchCriteriaId":"E213DD86-5419-42C8-BF38-7795DDB3C582"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*","matchCriteriaId":"A972291E-5231-439D-873B-2F87BCAF800A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*","matchCriteriaId":"C089CC54-3229-43D7-AA15-73CFA1A43EE3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*","matchCriteriaId":"EF268D83-C15D-4559-A46F-844E1D9264F0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*","matchCriteriaId":"CFE97C0D-3EA1-4314-A74A-7845C7778FB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*","matchCriteriaId":"34293F29-F327-4ADD-BF62-78F63F79BB96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*","matchCriteriaId":"528C0A46-1CC4-4882-985A-0BB41525BC6B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*","matchCriteriaId":"643F3522-A452-4927-944D-532574EC4243"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*","matchCriteriaId":"58F40B78-4DBA-44EE-8420-086789EFF53D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*","matchCriteriaId":"423BFD8F-4B50-43DA-9979-75FD18FBC953"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*","matchCriteriaId":"8BAD4A68-0481-476F-BBBD-3D515331368C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*","matchCriteriaId":"838CEB7C-7C4C-416C-86CE-6E8DD47EF25B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*","matchCriteriaId":"CC7D021F-3C97-45B3-B1F7-0AC26959F22B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*","matchCriteriaId":"4A31AEF3-448D-417B-9589-4BA0A06F2FE8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*","matchCriteriaId":"F7A1D96F-7FFD-413F-ABCE-4530C3D63040"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*","matchCriteriaId":"FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*","matchCriteriaId":"4B8343FE-1320-40AE-A37F-70EF1A4AC4B7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*","matchCriteriaId":"CD42BA5A-7DA0-409D-8685-E43CF9B61D9F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*","matchCriteriaId":"A5FF80E9-CF28-4EF6-9CFE-4B500A434674"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*","matchCriteriaId":"7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*","matchCriteriaId":"647B77A4-2F49-4989-AF43-961D69037370"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*","matchCriteriaId":"805B1E33-F279-4303-9DF3-C81039A40C1C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*","matchCriteriaId":"B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*","matchCriteriaId":"DE7E0AAE-6539-4024-9055-BE0BAD702143"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*","matchCriteriaId":"7F1A8828-0765-4799-AD6C-143F45FAAD23"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*","matchCriteriaId":"12D34618-1CCA-405B-A49C-EB384A09C2C6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*","matchCriteriaId":"575D6061-66BC-4862-BC84-ECD82D436E2A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*","matchCriteriaId":"56B6EE64-1AD4-46B2-BA65-BB6282E56EB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*","matchCriteriaId":"11650B45-0BDA-42BF-AEF3-83B48DD6A71D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*","matchCriteriaId":"BD3C92BA-827B-48AF-BBB3-FB60A9053C22"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*","matchCriteriaId":"AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*","matchCriteriaId":"5EB44CA7-DFE6-4B1A-9A63-97AE30017E49"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*","matchCriteriaId":"4B305EFA-6226-412C-90EE-F0691F2DDDE0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*","matchCriteriaId":"7F3874FA-63CB-4B5D-8B64-CE920320A4E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*","matchCriteriaId":"0800ED17-50E4-43F3-B46C-591DFA818BA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*","matchCriteriaId":"A46B0405-F301-4209-8766-6E12EAFAD157"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*","matchCriteriaId":"F99F9F1F-A967-4884-96CF-4488102DC0A2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*","matchCriteriaId":"DA9B37AD-4599-425B-B39F-E571F4975266"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*","matchCriteriaId":"C5A5F1CF-A1E6-45F1-8B09-36566778DB57"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*","matchCriteriaId":"698C8A49-888B-4675-B3B0-25EDE2FD515E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*","matchCriteriaId":"70D98F97-8EF4-48B5-84BE-C3CC27031FDA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*","matchCriteriaId":"B473D1FA-909B-492E-9C5B-94B0E20E1C0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*","matchCriteriaId":"BFD5EA7E-322E-4CE6-89D4-7DB1055C9034"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*","matchCriteriaId":"67836379-4E1A-45CD-9506-7D3F612E47C8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*","matchCriteriaId":"5B1BBC61-8664-4452-93A7-DDB4D2E4C802"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*","matchCriteriaId":"C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*","matchCriteriaId":"044F0375-DF2F-4D9B-AD7E-473D34165E8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*","matchCriteriaId":"2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*","matchCriteriaId":"4A0655CA-A88C-4632-9A18-560E3F63B2F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*","matchCriteriaId":"8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*","matchCriteriaId":"C6965851-3B29-4C21-9556-97FD731EAA85"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*","matchCriteriaId":"52984FD2-44E0-4E91-B290-0376737EEF6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*","matchCriteriaId":"4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*","matchCriteriaId":"DF933366-7503-4F8D-B7AA-F6A16210EC37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*","matchCriteriaId":"4E2DAF5D-5BB7-49C6-8426-8B547505B6FC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*","matchCriteriaId":"3EABB21D-D021-434B-B147-CAF687097A5B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*","matchCriteriaId":"7609424D-95F1-4493-A20C-B1BA4EC6439D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*","matchCriteriaId":"966DC636-C802-4D9F-8162-652AFB931203"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*","matchCriteriaId":"A75794EB-A5AF-43F0-985F-D9E36F04C6D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*","matchCriteriaId":"31C2CFF0-98FD-4A0D-8949-D554B2FE53D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*","matchCriteriaId":"05F9217F-5028-4659-AA8E-F60548DE4D52"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*","matchCriteriaId":"4AC769DC-CF2E-4A3C-A610-264F024E6279"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*","matchCriteriaId":"9B2B1CBF-D155-49BC-81A4-4172F177A5C2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*","matchCriteriaId":"370B2B32-519E-4373-8A04-5C5025D688BB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*","matchCriteriaId":"83D9B562-C279-4A55-A347-F28FC4F9CD12"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*","matchCriteriaId":"2A8C2BA0-48A8-4107-8681-A7C34C553D8C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*","matchCriteriaId":"B1B009DE-A82F-4569-9B42-EC1EC4DA8A40"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*","matchCriteriaId":"683B6E83-37FF-4F9B-915F-059EBB29DB53"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*","matchCriteriaId":"E218718F-4BE6-48B0-A204-9DD4A932A654"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*","matchCriteriaId":"FB0AB327-B60A-473C-9D36-97766EE62D7D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA249EE-4786-4E27-8787-5E8B88C2AEB9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"CEBD0529-1CF3-44E5-85B3-19A3323C9493"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"D664EE97-07EC-410F-94C3-AEAB2C6A627D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*","matchCriteriaId":"D31DB981-03B1-4A84-8D87-CD407C3C149F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"0CBD155D-89D9-4677-A621-4D7613BE65C6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"D02BD0D4-FFFD-4355-97D8-170362F10B9F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"6635781A-2651-4EF2-A5AC-AEEEE63FDE6D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"8DCE6930-760A-48C0-B964-1E3ED6A8517C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"9E52DE90-DF96-4CE7-B8D1-226BA50E4D09"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*","matchCriteriaId":"C8EB40E7-9B91-4106-B303-2B70AF395BFA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"EAB0D5CD-8AF3-409D-96A7-718641D4B90D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"6E420B0B-0CD5-41C7-B25A-3DB856055F9E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"8B0C295B-0D63-4BE7-830D-D927E00C301C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*","matchCriteriaId":"605C340D-2220-4669-B827-9009CB099E8B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"8791879D-2908-4F57-8DB3-6D24100A9108"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"E823DC5B-98BE-4656-BFBF-3A7018F8F213"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"64E8D558-ADE0-4358-9C76-7BD77BF23AA1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"7973B3D0-F244-4E26-88F5-A2D9BF2E4503"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*","matchCriteriaId":"68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*","matchCriteriaId":"3F5CB567-4F86-4466-BE4D-BFF557ACAE0A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"8A52611B-6583-4660-90D7-C9472728072B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"E80C6E89-B57C-47BB-8B95-50C03DFB3B96"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*","matchCriteriaId":"A9AB685B-FEE1-41EF-A046-1B34619E12A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"DB9F6724-967A-4AF0-9896-12BF6164B2CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"FC1116BF-12D7-47CC-98DB-18B200CF9C16"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*","matchCriteriaId":"9FBB28DE-726B-4AF0-88A5-35987E1E648B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*","matchCriteriaId":"1880E2B8-5E0E-4603-8D17-3ABA43D28179"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"2FAFBB92-1917-4238-832B-195FBE418271"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"91DFDF3F-9A3F-42B8-99A1-A3F76B198358"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*","matchCriteriaId":"8778F972-BF34-482F-9FA7-71A77F6138E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"8F288BB0-FE7A-4900-B227-BE80E4F4AADF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*","matchCriteriaId":"3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"57E16338-A094-4CA9-B77F-6FE42D3B422C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"4E07AB33-5351-487D-9602-495489C7C0B8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*","matchCriteriaId":"22115ED6-1707-4840-B0D1-AD36BC0C75A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"C7C633BC-831F-4CB7-9D62-16693444B216"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*","matchCriteriaId":"9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"6DD501E1-E78F-44C6-8A13-C29337B07EBE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*","matchCriteriaId":"9085BA0B-B7E2-4908-90C0-B4183891C718"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*","matchCriteriaId":"81971C2F-137A-4F11-8C93-3B99D4CD1B58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"98E0BDAC-398E-406B-B2DB-AE049D6E98B1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*","matchCriteriaId":"FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"86AFDE6C-DE58-4C4D-882E-474EF6C3D934"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*","matchCriteriaId":"950C6BF9-AA47-4287-AC01-D183237490FA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"2355181D-D8EE-4F80-8280-13D5CBCF4779"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"5209343F-66B0-4DC0-9111-E2E64CFF7409"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"720109A6-B79E-48E1-9AE7-7708B154788E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"82FF0DBD-AE13-4232-80F7-F4C2E2CC9721"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"E5E944ED-8C02-46B8-BF95-0CE4C352753B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*","matchCriteriaId":"77AEA3D1-4846-46E2-9B80-20B19F00DC11"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"1576978F-E93D-4A47-90B6-6A4E3A7DE558"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"0D339FE5-001F-4005-88A5-CFFE37F9B63E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"1BDABA86-497E-497E-A5BA-46F913A4840A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"DD886F4C-DB6F-4DDD-9807-8BCBB625C226"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"F4C454B7-E5F4-4AAE-B577-FD71FA002C8A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*","matchCriteriaId":"38BE2781-3A06-4D62-AC8B-68B721DA526B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"2DA23772-2EB8-4BEE-8703-26D967EC4503"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"72DC766A-B1F9-4B83-9F9B-CF603EE476BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"EA594740-43C5-4F42-BA5B-00CA8AE7BB60"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"572B16E2-8118-43A0-9A80-5D96831D55FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"9FB5C551-BADC-4A3A-93E5-2EBCA0704C51"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"5383B7A3-1569-4FEB-B299-B87CE8C8A87B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"A05BBDE0-6C47-4489-9455-7DA7D230ECA1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*","matchCriteriaId":"1789AA69-EA31-44D1-82E6-228E48E18586"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"B4A7D5FF-3B1F-4C64-BB81-7A349765520D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"0F0498B3-393A-4C32-B338-E6014B956755"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*","matchCriteriaId":"C451F752-6869-4AFA-BAE5-5C9A54427BF2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"83710FD1-099B-436D-9640-061D515E10BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"517B71CE-6156-40E1-B068-A2B733E205E3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"11DEEEE5-5055-4CE1-962C-C5F075F4CC02"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*","matchCriteriaId":"8718DDAB-3208-48CF-9BCE-54DA1257C16A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FE1AA901-E822-4240-9D82-C9311E4F87B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"C1CDE3DF-8E79-4997-94EB-B517FFCAE55C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"12A0DE13-EB0B-493B-BC84-3AEB3D454776"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*","matchCriteriaId":"1727697B-1F59-4E29-B036-C32E9076C523"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"E69E827C-C0D0-46C7-913A-1C1E02CEAACE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"2528F3F9-34DC-41DA-8926-382CB3EF5560"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"E452C262-5A8D-4D97-BC7F-A4F5FF53A659"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*","matchCriteriaId":"9D57BF69-D750-4278-98AA-976B0D28E347"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"76ADAE30-6CAD-4F5B-B6F7-C18953144C63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"8A25D792-E21D-43EE-8B9D-67DE066DE5DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"2C669783-C058-4B4F-BB9A-84B2C4682247"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*","matchCriteriaId":"159B088B-9A85-4CAA-854A-AA080E528F95"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FBE74A94-FE8F-4749-A35A-AB7D57E24913"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"990AC341-0E67-4A81-87E9-EE3EFD9E847E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"53BC18B0-58F1-4477-9978-CA7383C197FB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*","matchCriteriaId":"474992FB-842D-4661-A565-44AF2CD78693"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"476E1B79-5342-4895-96D7-E97DFC1F5334"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"EBD318D5-89A6-4E28-939C-C5B61396806B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*","matchCriteriaId":"981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*","matchCriteriaId":"A32C7E89-32ED-4328-9313-FA7D3DDBDC58"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"2792EED8-2CBD-478E-BC09-05FE830B3147"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*","matchCriteriaId":"97B1AF2F-6E48-4DBD-A60E-3088CA4C3771"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*","matchCriteriaId":"34E1691D-65B3-45E4-A544-8B29E38D569D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*","matchCriteriaId":"E42F2703-B8AB-410E-AF7B-CD0BE777F061"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*","matchCriteriaId":"31244C94-00A3-499C-A91A-1BEF2FB0E6B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*","matchCriteriaId":"878FF6E8-8A6D-44CE-9DD1-2C912AB8A193"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*","matchCriteriaId":"5078A95B-2BD8-4A37-A356-F53D1A53CB37"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*","matchCriteriaId":"0BFE67CD-DE53-4C4E-8245-35902AEFA6E8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*","matchCriteriaId":"9F231D31-3AAD-4C5D-A225-D2DF94486718"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*","matchCriteriaId":"5998DF5D-E785-45EC-B8D0-1F4EC4F96D50"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*","matchCriteriaId":"EADFD013-0BFB-427C-98E6-F9E4774DCBC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*","matchCriteriaId":"58620B10-FEA6-456D-B6B5-2745F5DBE82D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*","matchCriteriaId":"E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*","matchCriteriaId":"4858A1F0-97F2-4258-AB98-027BF1EC5117"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*","matchCriteriaId":"3C961A8B-EAFD-4F66-9432-BCC0D154ECCE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*","matchCriteriaId":"052DE6CD-A1E7-4E81-B476-66EF451061C4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*","matchCriteriaId":"3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*","matchCriteriaId":"751B3AC8-D45E-46B6-83D5-311B693F3C0D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*","matchCriteriaId":"9588277A-0B97-4408-9CF7-11271CDAADD6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*","matchCriteriaId":"479FE854-85E5-4ED0-BFAF-2618C9053082"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*","matchCriteriaId":"E048B9BF-77C8-49F7-9F2D-9999F79BA264"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*","matchCriteriaId":"6CD16D4D-E816-486D-96F4-5A2BF75B959F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*","matchCriteriaId":"169C558E-1A83-47D5-A66B-035BD1DD56FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*","matchCriteriaId":"D683E509-3FB2-4175-BCAB-4EB1B5C04958"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*","matchCriteriaId":"6FCFA915-5445-4732-9F8F-D7561BA4177F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*","matchCriteriaId":"63A9FD98-C22D-48F6-87A1-60791C818A1E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*","matchCriteriaId":"85F99F24-1783-4E6E-BE61-04C2E80356ED"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*","matchCriteriaId":"74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*","matchCriteriaId":"85289E4C-C813-4677-867D-EE8E98F4A1A3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*","matchCriteriaId":"27C8150F-BEFA-406D-9F0D-E7CB187E26AB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*","matchCriteriaId":"1E807F90-819F-4103-B1F7-4CE46971BD63"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*","matchCriteriaId":"CD93203F-71B9-4F87-B5D8-FD273451C8A2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*","matchCriteriaId":"1E652C74-C48D-4F29-9E85-09325632443F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*","matchCriteriaId":"99158191-3013-4182-8A53-5DFCA1E2C60A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*","matchCriteriaId":"F7E39A3E-7EAE-47C9-930B-58A980B73FC5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*","matchCriteriaId":"FFDA54BA-C00D-4890-9B7F-328257607B21"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*","matchCriteriaId":"1F5EFB1E-334C-4B55-8E2E-6AE19B34774D"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*","matchCriteriaId":"B8260DCA-2F0C-45F7-B35F-D489AF5639F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*","matchCriteriaId":"7778F81B-6D05-4666-B1D4-53DB0EC16858"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*","matchCriteriaId":"5DC6706A-61F7-4AA0-B2FF-0FFDF739A644"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*","matchCriteriaId":"7EF1B16B-02F2-4ECA-938E-B5CDCFC67816"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*","matchCriteriaId":"3C5501D8-1B0D-4F5A-AFD7-C63181D3281F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*","matchCriteriaId":"1751F0CE-A0D3-40E2-8EEC-D31141FE33A8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*","matchCriteriaId":"5FF9AFA7-BBE8-4229-94CB-5A9596728BA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*","matchCriteriaId":"E23A777F-68A4-4217-A75A-4D8A27E6451A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*","matchCriteriaId":"2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*","matchCriteriaId":"392A4337-11F6-4980-A138-4FDBCAD0EBA4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*","matchCriteriaId":"E2E9BB67-F1FF-4190-889F-78B965CCE934"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*","matchCriteriaId":"F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*","matchCriteriaId":"35607317-0928-4297-A33E-D44BEE1BBEC9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*","matchCriteriaId":"D48323B1-7FEB-451F-A064-23E7CE7F6403"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*","matchCriteriaId":"29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*","matchCriteriaId":"F5763189-7980-4A72-92C9-1908FE9E15EF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*","matchCriteriaId":"C53ACD49-DA21-4DDE-A0AA-FCCD59D29886"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*","matchCriteriaId":"4326D350-EBC2-48E6-A2C6-0499F6826CEE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*","matchCriteriaId":"8594E6FE-B6DB-4343-B3DD-AEC19923DAF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*","matchCriteriaId":"5BCADA00-E453-414D-9933-FCB43D21BBC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*","matchCriteriaId":"E62212D9-F707-4A8E-AB2A-A3985E7A4049"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*","matchCriteriaId":"561755A8-8AAD-4F41-8266-747EFDAF2D55"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*","matchCriteriaId":"E6F4BB0F-DAF4-479B-B78A-7929C151AA1B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*","matchCriteriaId":"A207312E-1D35-4464-A111-22C4C793E146"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*","matchCriteriaId":"E9B16E32-07D5-445B-BAA5-4E4A0881BFC1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*","matchCriteriaId":"7CF08F6B-2ECB-414C-82D7-C06085BF8B10"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*","matchCriteriaId":"21032BE3-74D8-4C3F-B461-158F475B6853"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*","matchCriteriaId":"2F9AC992-59B7-44EE-9FF3-567AC48938AA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*","matchCriteriaId":"B44B3BFF-649A-4C1E-9564-EFA007FA2BD5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*","matchCriteriaId":"C04EDD71-15B3-4085-828C-BB7A43DBDCC0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*","matchCriteriaId":"CC1BA7AC-989B-4093-841A-C6D5978BF17F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*","matchCriteriaId":"1874F848-B15B-4369-A164-5FA11D2B9AFE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*","matchCriteriaId":"9E46F934-9765-43ED-88A7-A4778C99A976"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*","matchCriteriaId":"380A8F4F-7D1F-4F79-B555-E5AE18EF9F5F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*","matchCriteriaId":"E8D5217E-9520-4FDB-9330-C8DC2CDDAA70"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*","matchCriteriaId":"B206674F-1A34-470B-820C-05F9C37792CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*","matchCriteriaId":"63AE2051-9F8E-4477-8E1E-38A1E06AD247"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*","matchCriteriaId":"6B39281F-990C-4AA3-9287-CCB5BA7E8AC8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*","matchCriteriaId":"3EDC0FCF-BD22-42AD-8044-9A64215B91CA"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*","matchCriteriaId":"7E0ED8AA-56D8-4CB6-A765-706BE87C9E30"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*","matchCriteriaId":"AA890C07-7940-4DF4-96FB-8F71A2EFE5C0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*","matchCriteriaId":"E95A34F0-0B74-4031-BC9E-CBC93665BE68"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*","matchCriteriaId":"4CD3CF38-0DDD-4C1C-B420-4DE0B1C932CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*","matchCriteriaId":"0BB22DF7-15CE-4340-A05F-BD39FCA41F50"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*","matchCriteriaId":"7BA72DC8-2E4E-453A-A3FB-20F31D32B973"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*","matchCriteriaId":"758E45B6-7C7A-432D-891D-CB99077AE3B5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*","matchCriteriaId":"06B3CDFF-B055-4BB4-98FB-DFF4B2E63A29"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*","matchCriteriaId":"26D7A401-BCE1-4673-93C9-67F009B75A39"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*","matchCriteriaId":"6E62119B-2A65-4473-B570-F118614B0ED6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*","matchCriteriaId":"5E5319E0-909C-4688-AAA6-6A0B5D19FFDF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*","matchCriteriaId":"8F83F9F9-D2DB-4D40-AD61-29E66B050B45"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*","matchCriteriaId":"91BE6238-312E-4CF7-9E74-48CB5603B0FF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*","matchCriteriaId":"AC09EB6D-7FAC-4B61-83A5-B0DC18D54EB3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*","matchCriteriaId":"33BA1BE0-0A78-4E94-A619-35735C913180"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*","matchCriteriaId":"3FDD838C-8037-49E1-BAB4-C1D7D29BB9D5"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*","matchCriteriaId":"24CA40FE-80C5-4A20-8219-CEF51F3162FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*","matchCriteriaId":"B10305C5-0C2C-48B7-A0AD-2B24AD722EBC"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*","matchCriteriaId":"33E8F127-6EAE-4302-BD52-7C3FCCA307D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*","matchCriteriaId":"8D675EA9-33E7-45ED-B6A9-7117AD2FEE26"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*","matchCriteriaId":"F6E468FE-73BE-4B20-B774-58EC7CD20CDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*","matchCriteriaId":"0FF6B19B-7D45-44B3-8524-407253B93EEE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*","matchCriteriaId":"2B803FAD-E54D-49FE-A078-029B8FFBBB98"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*","matchCriteriaId":"CC511505-ED67-45B4-B76C-56AB750C4408"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*","matchCriteriaId":"A430C232-79EB-4264-AE24-41D4A2A5D990"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*","matchCriteriaId":"3A9E3D4B-A3DF-4858-8C64-0316B6E57435"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*","matchCriteriaId":"19108672-E1AA-41CC-B86C-061D3721C8B8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*","matchCriteriaId":"200D36CF-AEDE-4183-8C54-748E6E5A3218"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*","matchCriteriaId":"4CF13A44-5163-4282-8EE8-7DC05499B5E0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*","matchCriteriaId":"827C12CE-D87D-489D-ABA7-BE0405EC33D4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*","matchCriteriaId":"16AA78F7-520B-4FFC-838C-DC74FEE8E13F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*","matchCriteriaId":"8CB2949C-4699-49EF-83EB-31199E0CE2DF"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*","matchCriteriaId":"66C169DC-EEFE-4DE6-A3D0-65B606527240"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*","matchCriteriaId":"FD28227A-8888-43B2-BC41-8D54B49DA58C"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*","matchCriteriaId":"7984BAEA-4518-4E17-830E-B34D09648BD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*","matchCriteriaId":"2C2214E5-491E-448F-A4B6-A497FB44D722"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*","matchCriteriaId":"2AE93013-C262-46A5-8E77-D647881EE632"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*","matchCriteriaId":"85B53CEC-943F-4966-8EC1-CB2C6AD6A15B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*","matchCriteriaId":"EEAC04A3-EBE3-406B-B784-A3547162ECE4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*","matchCriteriaId":"15720FFE-B2A4-4347-BCD7-DFA6774C0B8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*","matchCriteriaId":"50F46B0E-C746-44B4-B343-E3DCAB4B98DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*","matchCriteriaId":"5AE30903-4F75-4D71-A8BB-44D1099E9837"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*","matchCriteriaId":"98311EAA-26C8-4092-8BE5-4E7BEAA68DD4"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*","matchCriteriaId":"DB8CF348-811C-4342-ACB9-AFCABCC34331"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*","matchCriteriaId":"71998EC5-EC0F-496C-B658-3CD91D824944"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*","matchCriteriaId":"A1F19B2A-E7A1-4B97-AC40-02B0D3673555"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*","matchCriteriaId":"CB6387C9-C0A8-4B26-BC62-802775CD0AD3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*","matchCriteriaId":"EFEB0164-77C2-4EC2-92FD-5FCE246119CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*","matchCriteriaId":"FDB20210-337C-4220-8CA1-F4B2BC54EBC3"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*","matchCriteriaId":"F699569F-4F52-4CC0-90D9-CC4CBC32428A"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*","matchCriteriaId":"CBAED22B-D097-49C4-ADDF-4B3F3E1262D6"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*","matchCriteriaId":"ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*","matchCriteriaId":"7756B588-5A63-4508-8BDD-92DB8CB0F4AD"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*","matchCriteriaId":"316E26AE-67A5-4E75-8F9B-ECF4A03AED51"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*","matchCriteriaId":"C850453B-CDB1-490D-B551-9AC0B27D8A67"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html","source":"secure@intel.com"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611","source":"secure@intel.com"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613","source":"secure@intel.com"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614","source":"secure@intel.com"},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt","source":"secure@intel.com"},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","source":"secure@intel.com"},{"url":"http://www.kb.cert.org/vuls/id/584653","source":"secure@intel.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/102378","source":"secure@intel.com"},{"url":"http://www.securityfocus.com/bid/106128","source":"secure@intel.com"},{"url":"http://www.securitytracker.com/id/1040071","source":"secure@intel.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-254.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0292","source":"secure@intel.com"},{"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://cdrdv2.intel.com/v1/dl/getContent/685358","source":"secure@intel.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","source":"secure@intel.com"},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-002","source":"secure@intel.com"},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-003","source":"secure@intel.com"},{"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability","source":"secure@intel.com"},{"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","source":"secure@intel.com"},{"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes","source":"secure@intel.com"},{"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html","source":"secure@intel.com"},{"url":"https://meltdownattack.com/","source":"secure@intel.com","tags":["Technical Description","Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002","source":"secure@intel.com","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc","source":"secure@intel.com"},{"url":"https://security.gentoo.org/glsa/201810-06","source":"secure@intel.com"},{"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180104-0001/","source":"secure@intel.com"},{"url":"https://source.android.com/security/bulletin/2018-04-01","source":"secure@intel.com"},{"url":"https://support.citrix.com/article/CTX231399","source":"secure@intel.com"},{"url":"https://support.citrix.com/article/CTX234679","source":"secure@intel.com"},{"url":"https://support.f5.com/csp/article/K91229003","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us","source":"secure@intel.com"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us","source":"secure@intel.com"},{"url":"https://support.lenovo.com/us/en/solutions/LEN-18282","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3522-3/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3522-4/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3523-1/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3540-2/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3541-2/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3583-1/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3597-1/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3597-2/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/usn/usn-3516-1/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/usn/usn-3522-2/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/usn/usn-3523-2/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/usn/usn-3524-2/","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/usn/usn-3525-1/","source":"secure@intel.com"},{"url":"https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin","source":"secure@intel.com"},{"url":"https://www.debian.org/security/2018/dsa-4078","source":"secure@intel.com"},{"url":"https://www.debian.org/security/2018/dsa-4082","source":"secure@intel.com"},{"url":"https://www.debian.org/security/2018/dsa-4120","source":"secure@intel.com"},{"url":"https://www.kb.cert.org/vuls/id/180049","source":"secure@intel.com"},{"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001","source":"secure@intel.com"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"secure@intel.com"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","source":"secure@intel.com"},{"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.synology.com/support/security/Synology_SA_18_01","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kb.cert.org/vuls/id/584653","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/102378","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/106128","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1040071","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-254.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0292","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cdrdv2.intel.com/v1/dl/getContent/685358","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-002","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert.vde.com/en-us/advisories/vde-2018-003","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://meltdownattack.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201810-06","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180104-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2018-04-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX231399","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX234679","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.f5.com/csp/article/K91229003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.lenovo.com/us/en/solutions/LEN-18282","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3522-3/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3522-4/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3523-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3540-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3541-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3583-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3597-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3597-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/usn/usn-3516-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/usn/usn-3522-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/usn/usn-3523-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/usn/usn-3524-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/usn/usn-3525-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2018/dsa-4078","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2018/dsa-4082","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2018/dsa-4120","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/180049","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.synology.com/support/security/Synology_SA_18_01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-12626","sourceIdentifier":"security@apache.org","published":"2018-01-29T17:29:00.410","lastModified":"2026-05-28T19:16:24.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)."},{"lang":"es","value":"Apache POI, en versiones anteriores al release 3.17, es vulnerable a ataques de denegación de servicio (DoS): 1) bucles infinitos al analizar WMF, EMF, MSG y macros manipuladas (POI bugs 61338 y 61294); y 2) excepciones fuera de memoria al analizar DOC, PPT y XLS manipulados(POI bugs 52372 y 61295)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*","versionEndExcluding":"3.17","matchCriteriaId":"1C04149C-A260-4129-93DE-EA5815189C17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/102879","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1322","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b%40%3Cdev.poi.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"security@apache.org"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"security@apache.org"},{"url":"http://www.securityfocus.com/bid/102879","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1322","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b%40%3Cdev.poi.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-6129","sourceIdentifier":"cve@mitre.org","published":"2019-01-11T05:29:01.640","lastModified":"2026-05-28T19:16:35.243","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don't think it is libpng's job to free this buffer."},{"lang":"es","value":"** EN DISPUTA ** png_create_info_struct en png.c en libpng 1.6.36 tiene una fuga de memoria, tal y como queda demostrado con pngcp. NOTA: un tercero ha declarado \"No creo que sea tarea de libpng liberar este búfer.\""}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*","matchCriteriaId":"F9E98605-E9D5-4A8A-8858-C4AF1236AB6D"}]}]}],"references":[{"url":"https://github.com/glennrp/libpng/issues/269","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"cve@mitre.org"},{"url":"https://github.com/glennrp/libpng/issues/269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-6109","sourceIdentifier":"cve@mitre.org","published":"2019-01-31T18:29:00.710","lastModified":"2026-05-28T19:16:34.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c."},{"lang":"es","value":"Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the-Middle) puede emplear nombres de objeto manipulados para manipular la salida del cliente, por ejemplo, empleando códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo. Esto afecta a refresh_progress_meter() en progressmeter.c."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-116"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndIncluding":"7.9","matchCriteriaId":"52D09A55-B853-43B5-8397-E2AC6CD0EBBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*","versionEndIncluding":"5.13","matchCriteriaId":"3D0A98E2-B715-4EF5-9CF8-07500E119271"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","matchCriteriaId":"85DF4B3F-4BBC-42B7-B729-096934523D63"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*","matchCriteriaId":"7E968916-8CE0-4165-851F-14E37ECEA948"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","matchCriteriaId":"7B7A6697-98CC-4E36-93DB-B7160F8399F9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","matchCriteriaId":"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","matchCriteriaId":"92BC9265-6959-4D37-BE5E-8C45E98992F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"831F0F47-3565-4763-B16F-C87B1FF2035E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"0E3F09B5-569F-4C58-9FCA-3C0953D107B5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"6C3741B8-851F-475D-B428-523F4F722350"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"6897676D-53F9-45B3-B27F-7FF9A4C58D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"E28F226A-CBC7-4A32-BE58-398FA5B42481"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"76C24D94-834A-4E9D-8F73-624AFA99AAA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"B09ACF2D-D83F-4A86-8185-9569605D8EE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"AC10D919-57FD-4725-B8D2-39ECB476902F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"1272DF03-7674-4BD4-8E64-94004B195448"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.7","matchCriteriaId":"0D3A0312-1249-4257-98F1-57E8959989C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*","matchCriteriaId":"EA8B483F-0FD2-49F8-A86A-672A6E007949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.7","matchCriteriaId":"FC0C9671-47BB-43CB-8906-9BC2B86B3229"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*","matchCriteriaId":"C834C295-D600-44E8-9783-49A319084F5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2361","matchCriteriaId":"271CACEB-10F5-4CA8-9C99-3274F18EE62D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*","matchCriteriaId":"983D27DE-BC89-454E-AE47-95A26A3651E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2361","matchCriteriaId":"433EEE1B-134C-48F9-8688-23C5F1ABBF0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*","matchCriteriaId":"5825AEE1-B668-40BD-86A9-2799430C742C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2361","matchCriteriaId":"47FFEE5C-5DAE-4FAD-9651-7983DE092120"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2361","matchCriteriaId":"2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*","matchCriteriaId":"EE0CF40B-E5BD-4558-9321-184D58EF621D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2361","matchCriteriaId":"66D6EF49-7094-41D9-BDF5-AE5846E37418"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*","matchCriteriaId":"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2361","matchCriteriaId":"6593DA00-EE33-4223-BEAE-8DC629E79287"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"95503CE5-1D06-4092-A60D-D310AADCAFB1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3070","matchCriteriaId":"67E048EC-4A4F-4F0A-B0B5-F234700293DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*","matchCriteriaId":"983D27DE-BC89-454E-AE47-95A26A3651E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3070","matchCriteriaId":"FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*","matchCriteriaId":"5825AEE1-B668-40BD-86A9-2799430C742C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3070","matchCriteriaId":"665502CB-FCC8-4619-B673-408F7190252A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3070","matchCriteriaId":"483F5457-7E06-46F3-A808-194289B98AFF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*","matchCriteriaId":"EE0CF40B-E5BD-4558-9321-184D58EF621D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3070","matchCriteriaId":"D5644E3E-941A-429A-9AFB-C1023659C1C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*","matchCriteriaId":"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3070","matchCriteriaId":"0C1318DD-6AF4-490D-A4AE-079BA544EF8F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"95503CE5-1D06-4092-A60D-D310AADCAFB1"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3702","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201903-16","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190213-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3885-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4387","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3702","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201903-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190213-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3885-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4387","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-7317","sourceIdentifier":"cve@mitre.org","published":"2019-02-04T08:29:00.447","lastModified":"2026-05-28T19:16:35.503","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."},{"lang":"es","value":"La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:N/A:P","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndExcluding":"1.6.37","matchCriteriaId":"078AA00A-515F-493E-A53E-FE1937FA8018"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*","matchCriteriaId":"712507AC-DAB8-4FFE-9426-08282919411F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"9C21D62F-F3DD-4E9E-B644-07CCC49F3D53"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*","matchCriteriaId":"3999BDC1-BA77-4DBE-8041-D993BA9FF04D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*","matchCriteriaId":"C2B2677D-6B48-45A2-8567-AB6DB9FF1B45"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*","matchCriteriaId":"EAF3DD5E-1A96-4285-84BA-EB5E31EF2516"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"32318CC6-B8C4-4429-BB8B-134DC202A27E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.23","matchCriteriaId":"0185E85D-2C64-4D77-BC1D-A20165D5078E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*","versionEndExcluding":"8.7.0-00","matchCriteriaId":"6B07BDE2-FE50-4C0E-9C73-6AA6C1D6C060"},{"vulnerable":true,"criteria":"cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"8.7.0-00","matchCriteriaId":"BE33C1F1-DED8-424C-8942-E1A48A9EBA05"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","matchCriteriaId":"97D4FFCF-5309-43B6-9FD5-680C6D535A7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*","matchCriteriaId":"FF583CDC-DE9E-45AB-9861-CB203BFA8862"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","matchCriteriaId":"F1E78106-58E6-4D59-990F-75DA575BFAD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","matchCriteriaId":"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*","matchCriteriaId":"7B8B0B75-0DF2-4B5C-BC81-2F8E172AEE4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","matchCriteriaId":"CBC8B78D-1131-4F21-919D-8AC79A410FB9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","versionEndExcluding":"9.6","matchCriteriaId":"60429DC5-C403-41D1-9DDF-30782D012DF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","versionEndExcluding":"9.6","matchCriteriaId":"95571D2E-5C83-484C-A44F-AC36972C67D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3AF659DD-C4AE-4DDC-B50B-327A717EFC74"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*","matchCriteriaId":"40E21C6E-AEDF-43E8-AA80-629C77D24DF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","matchCriteriaId":"5C2089EE-5D7F-47EC-8EA5-0F69790564C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*","matchCriteriaId":"BADA4949-F766-4092-A6BC-1B85B5FB60FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"11.53","matchCriteriaId":"1FC01AF8-4A4B-4FC4-B07F-1193FEFF5A47"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2","matchCriteriaId":"8557ED41-5B30-47C8-A556-6C1F6E8E227B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*","versionEndExcluding":"4.0","matchCriteriaId":"C7E42333-853D-4938-90EB-2A6653476357"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*","versionEndExcluding":"7.3.9","matchCriteriaId":"82DC1F62-0DA2-4BB8-9AFE-4BC4366205F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1","matchCriteriaId":"2798786F-A818-4C52-BC20-0A69DB49D16A"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","matchCriteriaId":"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"41436638-0B88-4823-8208-81C01F2CA6A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"910F5303-1F70-44E3-A951-567447BC46FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*","matchCriteriaId":"1925AC26-45D4-46D5-ACDD-91E5A90977B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*","matchCriteriaId":"9DC6435A-8369-4D18-A6EE-84E73D6AA84D"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*","matchCriteriaId":"0DF5449D-22D2-48B4-8F50-57B43DCB15B9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","matchCriteriaId":"F4F86C3C-B99C-44C6-97D7-163DC3F59687"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*","matchCriteriaId":"D5291B60-AB52-4830-8E1A-8048A471902C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*","matchCriteriaId":"566507B6-AC95-47F7-A3FB-C6F414E45F51"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*","matchCriteriaId":"87C21FE1-EA5C-498F-9C6C-D05F91A88217"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*","matchCriteriaId":"25C8B513-76C1-4184-A253-CB32F04A05BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*","matchCriteriaId":"1CDCFF34-6F1D-45A1-BE37-6A0E17B04801"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*","matchCriteriaId":"B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*","matchCriteriaId":"47811209-5CE5-4375-8391-B0A7F6A0E420"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*","matchCriteriaId":"634C23AC-AC9C-43F4-BED8-1C720816D5E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","matchCriteriaId":"37CE1DC7-72C5-483C-8921-0B462C8284D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/108098","source":"cve@mitre.org","tags":["Not Applicable","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1265","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1267","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1269","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1308","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1309","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1310","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2494","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2495","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2585","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2590","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2592","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2737","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/glennrp/libpng/issues/275","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Apr/30","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Apr/36","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/May/56","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/May/59","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/May/67","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201908-02","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190719-0005/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3962-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3991-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3997-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4080-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4083-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4435","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4448","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4451","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/108098","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1265","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1267","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1308","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1309","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2494","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2495","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2585","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2590","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2592","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/glennrp/libpng/issues/275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Apr/30","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Apr/36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/May/56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/May/59","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/May/67","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201908-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190719-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3962-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3991-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3997-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4080-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4083-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4435","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4448","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2019/dsa-4451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-11068","sourceIdentifier":"cve@mitre.org","published":"2019-04-10T20:29:01.147","lastModified":"2026-05-28T19:16:28.143","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."},{"lang":"es","value":"libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inválida y que se carga posteriormente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.33","matchCriteriaId":"3E054BED-0DA0-4966-8B7F-E7DDFAAF892F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","matchCriteriaId":"D100F7CE-FC64-4CC6-852A-6136D72DA419"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","matchCriteriaId":"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*","matchCriteriaId":"8594A5FB-33D0-422E-8F32-16ECF08DB45A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","matchCriteriaId":"B55E8D50-99B4-47EC-86F9-699B67D473CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","matchCriteriaId":"5C2089EE-5D7F-47EC-8EA5-0F69790564C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*","matchCriteriaId":"280520BC-070C-4423-A633-E6FE45E53D57"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"11.70.2","matchCriteriaId":"A0DA944C-4992-424D-BC82-474585DAC5DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"0D9CC59D-6182-4B5E-96B5-226FCD343916"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"BB695329-036B-447D-BEB0-AA4D89D1D99C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*","matchCriteriaId":"23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*","matchCriteriaId":"85DF4B3F-4BBC-42B7-B729-096934523D63"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","matchCriteriaId":"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"A372B177-F740-4655-865C-31777A6E140B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*","matchCriteriaId":"25BBBC1A-228F-45A6-AE95-DB915EDF84BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*","matchCriteriaId":"E94F7F59-1785-493F-91A7-5F5EA5E87E4D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","matchCriteriaId":"F1E78106-58E6-4D59-990F-75DA575BFAD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","matchCriteriaId":"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/04/22/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/04/23/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20191017-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3947-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3947-2/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/04/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/04/23/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20191017-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3947-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3947-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-6820","sourceIdentifier":"cybersecurity@se.com","published":"2019-05-22T20:29:02.137","lastModified":"2026-05-28T20:16:19.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2"},{"lang":"es","value":"Una CWE-306: Una vulnerabilidad de Falta de Autenticación para Funciones Criticas, podría generar una modificación de la configuración IP del dispositivo (dirección IP, Máscara de Red y dirección IP de Gateway) cuando se recibe una trama Ethernet específica en todas las versiones de: Modicon M100, Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"817B5BC0-1368-4E03-994D-DECDC0B48F0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*","matchCriteriaId":"3FDBB3F0-20B6-4585-AEA1-F732C83AA791"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"802A6F54-4630-4434-A9DA-FCE7634F7C73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*","matchCriteriaId":"A184ABF9-9C27-46AB-88DB-78246FC779AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"97963104-B620-4AE1-BD6C-7BF714497F78"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"7FE2A2CE-7BC0-4931-8BE7-04652B09C946"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"57573EFC-AB9E-419F-872A-6ADD8B37F442"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"363D8E9E-0169-472F-A891-EF2E7D329EA2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*","matchCriteriaId":"4D8FD9D9-F59F-470E-9F7F-CDDD80B0633C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"FB11232E-0DC2-436F-985A-94BCE6A4F6D4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*","matchCriteriaId":"B8E03A25-B0B6-4BA2-80BC-52C16A6837E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"686716B7-1C82-483C-A62F-A33F7C5BF32F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*","matchCriteriaId":"FFBF6514-3E32-4C8E-81BA-D6464824351F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3B05FDCA-D7FB-4931-B058-377B20E1BB1A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:*","matchCriteriaId":"0DFCD3D7-B85B-4C9E-B80C-B83B017183AA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_lmc078_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E3B708EF-CE06-4106-BBF5-7C6AB4DC2E52"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_lmc078:-:*:*:*:*:*:*:*","matchCriteriaId":"5AB930E4-9CDF-4654-9E6B-47DA57D3B9F7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:pacdrive_eco_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"005A6DF2-9D8A-4695-B9C6-8DDD45F20E15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:pacdrive_eco:-:*:*:*:*:*:*:*","matchCriteriaId":"0CDD4503-8104-4C7A-B54B-EF8139B714A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:pacdrive_pro_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"7BD42FBA-6F30-46BF-BFA0-29D78E527442"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:pacdrive_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"F534F841-A24A-4766-8F35-3FC7CE0730A7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:pacdrive_pro2_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C30BF73E-F384-4E42-AD73-9F412949DF2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:pacdrive_pro2:-:*:*:*:*:*:*:*","matchCriteriaId":"0B3D97BB-BD99-4721-8295-2289FB3028A8"}]}]}],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2019-11091","sourceIdentifier":"secure@intel.com","published":"2019-05-30T16:29:01.417","lastModified":"2026-05-28T19:16:28.573","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"},{"lang":"es","value":"En Microarchitectural Data Sampling Uncacheable Memory (MDSUM): La memoria no almacenable en algunos microprocesadores que utilizan ejecución especulativa puede permitir a un usuario autenticado activar potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:N/A:N","baseScore":4.7,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6B28D458-E322-4CCE-9E5C-D56E9FF70198"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*","matchCriteriaId":"74BFF53A-9A81-48DD-B69D-ADF88EBD9835"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","matchCriteriaId":"D100F7CE-FC64-4CC6-852A-6136D72DA419"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html","source":"secure@intel.com"},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","source":"secure@intel.com"},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en","source":"secure@intel.com"},{"url":"https://access.redhat.com/errata/RHSA-2019:1455","source":"secure@intel.com"},{"url":"https://access.redhat.com/errata/RHSA-2019:2553","source":"secure@intel.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","source":"secure@intel.com"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf","source":"secure@intel.com"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10292","source":"secure@intel.com"},{"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html","source":"secure@intel.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/","source":"secure@intel.com"},{"url":"https://seclists.org/bugtraq/2019/Jun/28","source":"secure@intel.com"},{"url":"https://seclists.org/bugtraq/2019/Jun/36","source":"secure@intel.com"},{"url":"https://seclists.org/bugtraq/2019/Nov/15","source":"secure@intel.com"},{"url":"https://seclists.org/bugtraq/2020/Jan/21","source":"secure@intel.com"},{"url":"https://security.gentoo.org/glsa/202003-56","source":"secure@intel.com"},{"url":"https://usn.ubuntu.com/3977-3/","source":"secure@intel.com"},{"url":"https://www.debian.org/security/2020/dsa-4602","source":"secure@intel.com"},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc","source":"secure@intel.com"},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html","source":"secure@intel.com","tags":["Vendor Advisory"]},{"url":"https://www.synology.com/security/advisory/Synology_SA_19_24","source":"secure@intel.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:1455","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:2553","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10292","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/bugtraq/2019/Jun/28","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/bugtraq/2019/Jun/36","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/bugtraq/2019/Nov/15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/bugtraq/2020/Jan/21","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202003-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3977-3/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2020/dsa-4602","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.synology.com/security/advisory/Synology_SA_19_24","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-13117","sourceIdentifier":"cve@mitre.org","published":"2019-07-01T02:15:09.737","lastModified":"2026-05-28T19:16:29.543","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."},{"lang":"es","value":"En el archivo numbers.c en libxslt versión 1.1.33, un xsl:number con ciertas cadenas de formato conllevaría a una lectura no inicializada en la función xsltNumberFormatInsertNumbers. Esto podría permitir a un atacante discernir si un byte en la pila contiene los caracteres A, a, I, i o 0, o cualquier otro carácter."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*","matchCriteriaId":"BBF9724E-ED48-45EB-92DF-1223ECF12693"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","matchCriteriaId":"CB66DB75-2B16-4EBF-9B93-CE49D8086E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","matchCriteriaId":"A31C8344-3E02-4EB8-8BD8-4C84B7959624"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*","matchCriteriaId":"12A3F367-33AD-47C3-BFDC-871A17E72C94"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/","source":"cve@mitre.org"},{"url":"https://oss-fuzz.com/testcase-detail/5631739747106816","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"https://security.netapp.com/advisory/ntap-20190806-0004/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200122-0003/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4164-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oss-fuzz.com/testcase-detail/5631739747106816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://security.netapp.com/advisory/ntap-20190806-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200122-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4164-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-13118","sourceIdentifier":"cve@mitre.org","published":"2019-07-01T02:15:09.800","lastModified":"2026-05-28T19:16:29.950","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."},{"lang":"es","value":"En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-843"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*","matchCriteriaId":"BBF9724E-ED48-45EB-92DF-1223ECF12693"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","matchCriteriaId":"B55E8D50-99B4-47EC-86F9-699B67D473CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","matchCriteriaId":"5C2089EE-5D7F-47EC-8EA5-0F69790564C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*","matchCriteriaId":"24B8DB06-590A-4008-B0AB-FCD1401C77C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*","matchCriteriaId":"280520BC-070C-4423-A633-E6FE45E53D57"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"11.50.2","matchCriteriaId":"433D435D-13D0-4EAA-ACD9-DD88DA712D00"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"0D9CC59D-6182-4B5E-96B5-226FCD343916"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*","matchCriteriaId":"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","matchCriteriaId":"E7CF3019-975D-40BB-A8A4-894E62BD3797"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","matchCriteriaId":"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"A372B177-F740-4655-865C-31777A6E140B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*","matchCriteriaId":"E94F7F59-1785-493F-91A7-5F5EA5E87E4D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*","matchCriteriaId":"8836399B-AA1F-45DB-A423-B41A93A14281"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","matchCriteriaId":"CB66DB75-2B16-4EBF-9B93-CE49D8086E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","matchCriteriaId":"A31C8344-3E02-4EB8-8BD8-4C84B7959624"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"7.13","matchCriteriaId":"086B8913-51FE-4FCA-AB2C-47541F2C3252"},{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.6","matchCriteriaId":"71143206-77A6-4B8F-964B-FD4E00C1AE60"},{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.9.6","matchCriteriaId":"F3310BC8-34F6-4C8A-B6B8-FCEB9033902B"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.4","matchCriteriaId":"78127EE5-23FE-4C66-B7EE-2CF3E19F0503"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*","matchCriteriaId":"4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*","matchCriteriaId":"A0334DC1-4D8C-448C-84B3-310499118B44"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*","matchCriteriaId":"F80F3626-D093-45F4-80A1-3DB1EC94E0F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*","matchCriteriaId":"754A2DF4-8724-4448-A2AB-AC5442029CB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*","matchCriteriaId":"D392C777-1949-4920-B459-D083228E4688"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*","matchCriteriaId":"68B0A232-F2A4-4B87-99EB-3A532DFA87DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"10.4.6","versionEndExcluding":"10.14.6","matchCriteriaId":"2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"12.4","matchCriteriaId":"AC281794-DEC0-4C8A-8B92-F8E5D8785EF6"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/15","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/22","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/23","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/24","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/26","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/31","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/37","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/38","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/","source":"cve@mitre.org"},{"url":"https://oss-fuzz.com/testcase-detail/5197371471822848","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"https://seclists.org/bugtraq/2019/Aug/21","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/22","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/23","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/25","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/35","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/36","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/37","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/40","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/41","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/42","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190806-0004/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200122-0003/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210346","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210348","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210351","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210353","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210356","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210357","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210358","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4164-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Aug/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/31","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/37","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Jul/38","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oss-fuzz.com/testcase-detail/5197371471822848","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://seclists.org/bugtraq/2019/Aug/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/35","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/37","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/40","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jul/42","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190806-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200122-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210346","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210351","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210356","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210357","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT210358","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4164-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-15213","sourceIdentifier":"cve@mitre.org","published":"2019-08-19T22:15:11.253","lastModified":"2026-05-28T19:16:30.633","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver."},{"lang":"es","value":"Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.3. Se presenta un uso de memoria previamente liberada causado por un dispositivo USB malicioso en el controlador drivers/media/usb/dvb-usb/dvb-usb-init.c."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.3","matchCriteriaId":"38844317-DEDF-4600-BA0E-C7D28D8EC200"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","matchCriteriaId":"CDDF61B7-EC5C-467C-B710-B89F502CD04F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF46487-B64A-454E-AECC-D74B83170ACD"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"D6D700C5-F67F-4FFB-BE69-D524592A3D2E"},{"vulnerable":true,"criteria":"cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"090AA6F4-4404-4E26-82AB-C3A22636F276"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/08/20/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://security.netapp.com/advisory/ntap-20190905-0002/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/08/20/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://security.netapp.com/advisory/ntap-20190905-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2019-16168","sourceIdentifier":"cve@mitre.org","published":"2019-09-09T17:15:13.910","lastModified":"2026-05-28T19:16:30.950","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\""},{"lang":"es","value":"En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como \"severe division by zero in the query planner.\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.5","versionEndIncluding":"3.29.0","matchCriteriaId":"199DADF1-CA17-4BA1-B94D-251AD1F5FB63"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","versionStartIncluding":"7.3","matchCriteriaId":"BD075607-09B7-493E-8611-66D041FFDA62"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","versionStartIncluding":"9.5","matchCriteriaId":"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.60.3","matchCriteriaId":"BD1E9594-C46F-40D1-8BC2-6B16635B55C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","matchCriteriaId":"E7CF3019-975D-40BB-A8A4-894E62BD3797"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"A372B177-F740-4655-865C-31777A6E140B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*","matchCriteriaId":"E94F7F59-1785-493F-91A7-5F5EA5E87E4D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*","matchCriteriaId":"1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","matchCriteriaId":"A31C8344-3E02-4EB8-8BD8-4C84B7959624"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","matchCriteriaId":"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*","versionEndIncluding":"8.2.3","matchCriteriaId":"AE953762-7CCA-4EF3-BAE1-4F04F5BB22E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"313F42E5-1BBB-4773-A153-B114C3FDF701"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*","matchCriteriaId":"AC75FE72-6C3F-428E-9C9A-60982455238B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*","matchCriteriaId":"B370B017-2E3B-438B-86B9-EEF70E3A5D3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*","matchCriteriaId":"8836399B-AA1F-45DB-A423-B41A93A14281"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*","matchCriteriaId":"45E3A969-BFC2-45E2-B301-813E9335FC5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.18","matchCriteriaId":"42EEFA46-41D0-402B-AD80-85345913DF32"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*","matchCriteriaId":"72F1A960-EBA5-4BDB-B629-20F0D2384562"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*","matchCriteriaId":"8E8C192B-8044-4BF9-9F1F-57371FC0E8FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*","matchCriteriaId":"18096778-19E1-434F-BD96-A9FBF11A8C81"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*","versionEndExcluding":"6.5.1","matchCriteriaId":"CB739B3A-20BB-4118-82DD-7ACFE5881FE2"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/202003-16","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190926-0003/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200122-0003/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4205-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html","source":"cve@mitre.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2021-08","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2021-11","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2021-14","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202003-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190926-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200122-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4205-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2021-08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2021-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2021-14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-16230","sourceIdentifier":"cve@mitre.org","published":"2019-09-11T16:15:11.130","lastModified":"2026-05-28T19:16:31.410","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely"},{"lang":"es","value":"** EN DISPUTA** drivers / gpu / drm / radeon / radeon_display.c en el kernel de Linux 5.2.14 no comprueba el valor de retorno alloc_workqueue, lo que lleva a una desreferencia de puntero NULL. NOTA: Un responsable de mantenimiento de software de terceros declara que la asignación de la cola de trabajo ocurre durante la inicialización del dispositivo, lo que ocurre para una tarjeta gráfica durante el arranque. No es controlable por el atacante y OOM en ese momento es altamente improbable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:N/A:C","baseScore":4.7,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*","matchCriteriaId":"C324614A-D986-40EF-A933-4CD401A10B30"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1150468","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lkml.org/lkml/2019/9/9/487","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20191004-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1150468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lkml.org/lkml/2019/9/9/487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20191004-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-18197","sourceIdentifier":"cve@mitre.org","published":"2019-10-18T21:15:10.793","lastModified":"2026-05-28T19:16:33.373","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."},{"lang":"es","value":"En la función xsltCopyText en el archivo transform.c en libxslt versión 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el área de memoria relevante se liberó y reutilizó de cierta manera, una comprobación de límites podría fallar y podría escribirse la memoria fuera de un búfer o podrían divulgarse datos no inicializados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-908"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-908"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*","matchCriteriaId":"BBF9724E-ED48-45EB-92DF-1223ECF12693"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","matchCriteriaId":"A31C8344-3E02-4EB8-8BD8-4C84B7959624"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0514","source":"cve@mitre.org"},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20191031-0004/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200416-0004/","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/4164-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0514","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20191031-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200416-0004/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4164-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-11135","sourceIdentifier":"secure@intel.com","published":"2019-11-14T19:15:13.113","lastModified":"2026-05-28T19:16:28.927","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."},{"lang":"es","value":"Una condición de tipo TSX Asynchronous Abort en algunas CPU que utilizan ejecución especulativa puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un canal lateral con acceso local."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","matchCriteriaId":"F1E78106-58E6-4D59-990F-75DA575BFAD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","matchCriteriaId":"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:slackware:slackware:14.2:*:*:*:*:*:*:*","matchCriteriaId":"92A1C406-4737-463F-BB57-FAC6C8D2F2E5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:apollo_4200_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"C3CEC11E-34BC-48D3-8CA4-BC5C2E4D9BBC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:apollo_4200:gen10:*:*:*:*:*:*:*","matchCriteriaId":"28CD6A70-DC5A-453B-9551-D79A130380E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:apollo_2000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"9F402DDC-BAAC-4BE4-AB5F-8C96640CC280"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:apollo_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"A9FF05F7-F7FC-4817-805B-A69B22BBEDFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_bl460c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"8D90D90B-821E-4A73-9B27-3AC0A6225A16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_bl460c:gen10:*:*:*:*:*:*:*","matchCriteriaId":"BEBE6F01-0FC8-4792-A1F2-290BCC4F6FEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl580_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"D79DF433-D488-4107-B193-46686559968E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl580:gen10:*:*:*:*:*:*:*","matchCriteriaId":"A85D585D-3324-420F-BE09-1BB656510DFB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl560_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"D736B2EC-E017-40A7-AEF0-F03F40CBD942"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl560:gen10:*:*:*:*:*:*:*","matchCriteriaId":"57437358-2BB2-40B2-B6C7-A184E0989040"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl380_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"2D377C96-3076-4EA0-BCAA-CC7420A068FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl380:gen10:*:*:*:*:*:*:*","matchCriteriaId":"B7125071-68F6-4832-BED4-2005A6BB34CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl360_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"3FC37A3E-57D5-473C-9467-3F63C2E7751E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl360:gen10:*:*:*:*:*:*:*","matchCriteriaId":"1E243D38-0202-4198-90F4-3D55ADB46F2B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl180_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"AF4FBC54-0557-442F-8DF2-6A67638063BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl180:gen10:*:*:*:*:*:*:*","matchCriteriaId":"134B7262-F1BA-4D09-A44F-25C8CF5970BE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"A09C6807-228E-485B-A1E2-0D07106D0E75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl160:gen10:*:*:*:*:*:*:*","matchCriteriaId":"D1F0C75D-049E-4C1D-8B2D-FE728DC17D3E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl120_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"7BA6B1D6-816A-4603-B7A4-2EB2C8573D98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl120:gen10:*:*:*:*:*:*:*","matchCriteriaId":"B66CA53C-E0DD-4AEE-ABDD-2E72795FE50B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_dl20_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.10","matchCriteriaId":"23C4F525-5AAB-4215-9A3D-0EF42ADCF470"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_dl20:gen10:*:*:*:*:*:*:*","matchCriteriaId":"CECC4A42-31FB-4353-B436-F9658BB1A525"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_ml350_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"DCAE30BC-B101-4350-B268-61CBF41000BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_ml350:gen10:*:*:*:*:*:*:*","matchCriteriaId":"45915CF8-D93A-4AF1-B4F8-83603B4F38F7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_ml110_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"B46B4176-7B49-40E4-96D2-DDF13917E9E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_ml110:gen10:*:*:*:*:*:*:*","matchCriteriaId":"E8273537-FAC9-4E1E-9D04-EEB20A0160F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_ml30_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.10","matchCriteriaId":"A41EE882-6975-4A42-A861-E9A86D1AB1D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_ml30:gen10:*:*:*:*:*:*:*","matchCriteriaId":"84E46134-6B1D-4FD5-B86A-721B7035DC58"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_xl450_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"D5B63F2C-66A6-439A-A931-79B17894B1E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_xl450:gen10:*:*:*:*:*:*:*","matchCriteriaId":"B71F8154-1816-4289-B466-6CE56A4F336A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_xl270d_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"72B3E5C1-8F87-4B70-8DB0-FBDC6C50D01E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_xl270d:gen10:*:*:*:*:*:*:*","matchCriteriaId":"13F75491-BE42-4A2C-9BD2-A041EA7BA893"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_xl230k_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"D46BAB31-57E8-4382-B208-DB8B7BF17E57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_xl230k:gen10:*:*:*:*:*:*:*","matchCriteriaId":"CE4E1276-FE6B-4E1B-BFDC-E104AD766DEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_xl190r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"7867023B-EDFA-4E1E-8EFD-D351855F9C56"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_xl190r:gen10:*:*:*:*:*:*:*","matchCriteriaId":"FFF2E8DC-BE8B-4BA0-B25A-46B6D950AF8A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_xl170r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"01244BE2-B003-4474-A2A7-57DF9760A5EB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_xl170r:gen10:*:*:*:*:*:*:*","matchCriteriaId":"701CA686-2167-45B8-8795-265B80547608"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:synergy_480_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"575B564D-D52C-4194-843D-3F14FEC199E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:synergy_480:gen10:*:*:*:*:*:*:*","matchCriteriaId":"1D953D08-A1BA-49D0-ADB9-2A032E5C96A3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:synergy_660_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"96685483-7716-4227-8ADC-D42150E33814"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:synergy_660:gen10:*:*:*:*:*:*:*","matchCriteriaId":"B6B0989B-8548-4902-90E6-294FA5AB768E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:proliant_e910_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.20","matchCriteriaId":"CA7706E3-68D3-4DD6-A3AE-748B1158995C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:proliant_e910:-:*:*:*:*:*:*:*","matchCriteriaId":"236284B7-DC2E-40F8-A265-EE91469ADD9C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-10510y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"27E24442-6697-4D2D-9515-43E4370474B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-10510y:-:*:*:*:*:*:*:*","matchCriteriaId":"FD97F84B-ED73-4FFD-8634-10631FEE03EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-10310y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95BC9762-7F9A-483A-8C20-94481FD54000"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-10310y:-:*:*:*:*:*:*:*","matchCriteriaId":"C8515D29-3823-4F9B-9578-8BB52336A2A7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-10210y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4D188A7A-9456-4535-A230-C16033A22F21"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-10210y:-:*:*:*:*:*:*:*","matchCriteriaId":"376B6DD7-1284-4BD9-88A4-5C34303CC5D1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-10110y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F130A798-2FCC-43DB-9A42-367C4BB580E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-10110y:-:*:*:*:*:*:*:*","matchCriteriaId":"62BFF15A-0C78-45BC-8E71-EDF624AC162D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-8500y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2495E71F-8DE8-482E-A903-FA00E9A3C697"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-8500y:-:*:*:*:*:*:*:*","matchCriteriaId":"957F3AC9-D071-4932-B2C9-1643FB78BC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-8310y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2CE8EAB7-E619-4140-9FF2-F01DD57DD286"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-8310y:-:*:*:*:*:*:*:*","matchCriteriaId":"71294A32-F3DD-45EA-A0FC-C3EA0351FA29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-8210y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"813C2CF3-2370-4FC9-86F1-85FA6597EDA6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-8210y:-:*:*:*:*:*:*:*","matchCriteriaId":"6E62309E-1071-4569-8C9A-11748D629CAB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-8200y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E9C3DCA2-6087-4286-A84A-6091149083C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-8200y:-:*:*:*:*:*:*:*","matchCriteriaId":"2AC12E92-33CB-4603-AC14-3351CE1D4E3A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_m3-8100y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E600C57D-AF4C-44F2-B1FB-E6B7D6CBE58F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_m3-8100y:-:*:*:*:*:*:*:*","matchCriteriaId":"E5AFFC8B-3AC1-49B4-9A73-18A3EC928591"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8253_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D927F922-CAA0-4704-BA73-064AFAC3A7F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8253:-:*:*:*:*:*:*:*","matchCriteriaId":"0BF2BB51-3C3C-470E-8D2B-4DF68BABD783"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8256_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0F98BA9B-65E5-4D65-8606-692D3141C779"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8256:-:*:*:*:*:*:*:*","matchCriteriaId":"D29BE6E2-3F84-4D59-9081-5D496F3CAA88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8260_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7A6DD2CE-76B9-4197-B097-F62678B870FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8260:-:*:*:*:*:*:*:*","matchCriteriaId":"11AEDC86-EF7D-4770-A77C-C8D1945A3452"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8260l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"48A16123-A5D2-49A6-8DBB-C739B58CD8C0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8260l:-:*:*:*:*:*:*:*","matchCriteriaId":"F986CC11-55A4-494C-BCB9-8DA8DAB8933C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8260m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9651F3F9-CC5C-464B-A6D7-2F2FC8D32036"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8260m:-:*:*:*:*:*:*:*","matchCriteriaId":"6F294F87-6173-4EA5-B58B-85F4F3FC9A82"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8260y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF361B23-A0FB-4188-9397-227C040E0716"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8260y:-:*:*:*:*:*:*:*","matchCriteriaId":"ADB582F2-85D7-4E14-B915-2C1D32775122"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8268_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F9AE46C6-610D-48BE-9D77-47BEE8254D62"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8268:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1FC83B-1699-4761-BC26-EF40B70FC997"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8270_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3319E69E-8BE8-42DD-8CC6-01B90CD198F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8270:-:*:*:*:*:*:*:*","matchCriteriaId":"A197DA8A-C3EF-4A50-AFD4-8C9FACE7BAFF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8276_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E913C215-27E1-4708-BBBA-A71BE1897509"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8276:-:*:*:*:*:*:*:*","matchCriteriaId":"6EE4C360-A12A-4FDC-9B50-DFCBEA48DCB2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8276l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD98AF43-A79D-48DF-8343-C74009FDAF95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8276l:-:*:*:*:*:*:*:*","matchCriteriaId":"94C08C64-ECA6-45ED-A413-8F44A7D1FBC7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8276m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"00BD95C4-E1FA-4A94-9E7E-E551AA2EA1A5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8276m:-:*:*:*:*:*:*:*","matchCriteriaId":"6C8EFA24-FE2F-4B47-B73C-FAE6E50193F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8280_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1E726303-685C-4807-8AA9-8A4D7F16D7DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8280:-:*:*:*:*:*:*:*","matchCriteriaId":"138173B1-68AB-47AD-A4EE-239304CDE372"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8280l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"91E282BA-E56C-4C0F-A764-166825C8A040"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8280l:-:*:*:*:*:*:*:*","matchCriteriaId":"D486B8BA-D431-4FF8-8541-25D7705C3AFA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_8280m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5A1BDB61-DBDC-4C67-A0B9-736130487789"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_8280m:-:*:*:*:*:*:*:*","matchCriteriaId":"B2A1158F-6165-41C4-91AE-5E9AC7210AFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_9220_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D644C7B6-D15E-4B5F-81DE-79290EB99611"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_9220:-:*:*:*:*:*:*:*","matchCriteriaId":"5E2F4BE5-9026-48CA-AB29-25BFE86E08E6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_9221_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9E8176AD-62A8-4B4E-8426-7F1235E929D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_9221:-:*:*:*:*:*:*:*","matchCriteriaId":"F4BF66FD-AD34-47C3-8703-666B4D7D9036"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_9222_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BA25A1DA-2914-405F-B493-837D87BFD657"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_9222:-:*:*:*:*:*:*:*","matchCriteriaId":"DCA9A267-33F3-47CC-A0DE-785417CB11A3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_9242_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7850F33C-4D9C-4639-B927-A82207EF2157"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_9242:-:*:*:*:*:*:*:*","matchCriteriaId":"0D833D03-6242-404D-984F-EFC891A4D54B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_9282_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"700B7592-D460-49E8-BCA8-410F370337AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_9282:-:*:*:*:*:*:*:*","matchCriteriaId":"61326A4A-B670-49FF-9CC1-77405920E969"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5215_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CCAE7305-6637-4927-B46C-29B487C11D33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5215:-:*:*:*:*:*:*:*","matchCriteriaId":"49517E33-D5F7-41BA-9FFD-909FC659A4E7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5215l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9FB705C1-0919-4AA2-9393-9BBCAC23C1A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5215l:-:*:*:*:*:*:*:*","matchCriteriaId":"0BBE3F53-5DCC-40CF-83DE-3FA8A883CBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5215m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E23DA7D4-3086-493E-97F6-3C84345A28A7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5215m:-:*:*:*:*:*:*:*","matchCriteriaId":"D0EA0CC2-E673-4875-8A87-60927049DB6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5215r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6972D2-390D-4707-A293-F86191D60F6E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5215r:-:*:*:*:*:*:*:*","matchCriteriaId":"CE35136C-540F-4C31-ACE3-6BAAE27B9EA3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5217_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6AF41286-0AB6-4354-AAA9-4C3120EF6DAF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5217:-:*:*:*:*:*:*:*","matchCriteriaId":"D483E398-B918-4F02-A409-B8BD584C18E1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5218_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"951795AD-3799-4090-80BC-D2DAF7B9197E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5218:-:*:*:*:*:*:*:*","matchCriteriaId":"F8ED911C-340F-4D10-9DF3-C156EFD8D8F7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5218b_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8E71DA16-070C-4CD1-81F8-30F211DAD76A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5218b:-:*:*:*:*:*:*:*","matchCriteriaId":"3043F2BC-FB45-48F2-A3BC-D57E1243F17E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5218n_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"31B39E6E-9013-4545-9EB3-1766084E6144"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5218n:-:*:*:*:*:*:*:*","matchCriteriaId":"AA39123E-A4D4-4273-88BC-94BB8E2E80FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5218t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0C1DC0F9-72D9-4E9C-A969-493D7C6FD970"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5218t:-:*:*:*:*:*:*:*","matchCriteriaId":"24CABD15-90E7-4E34-9929-18C0FCA18770"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5220_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FA2ED7A-5D38-4F16-B3C2-3D7FED7C994E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5220:-:*:*:*:*:*:*:*","matchCriteriaId":"011670EB-2D98-4AC9-9D63-C5331F16AAB7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5220r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4C4E67D7-F377-4E4B-9499-8ACC91A105F3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5220r:-:*:*:*:*:*:*:*","matchCriteriaId":"663E7CBA-AB87-4593-B5E1-EB0D35910CF3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5220s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2D8161A8-1DBD-4E6B-8DA8-79E124CD56B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5220s:-:*:*:*:*:*:*:*","matchCriteriaId":"9290D21E-278C-426D-972C-D5A4923B30E6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5220t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6744FAB2-671B-4006-B373-DBC27820252C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5220t:-:*:*:*:*:*:*:*","matchCriteriaId":"A1FE8564-85F9-4947-A688-5985D1AE6AC1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_5222_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"609A2317-B20E-4025-97F8-BA74D6DA0A7C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_5222:-:*:*:*:*:*:*:*","matchCriteriaId":"5FDAEEA6-C3A9-4C1B-B9DA-63B67E67A6E7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6222v_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"83284F5B-A039-4556-BA4C-27BF16811898"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6222v:-:*:*:*:*:*:*:*","matchCriteriaId":"660A7920-8AB2-4C8F-BF63-38FE9968F2DD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6226_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF6A2447-37E3-4D02-86DF-75BA200FF367"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6226:-:*:*:*:*:*:*:*","matchCriteriaId":"89628842-78DE-486E-9670-C46F9E0A695E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6230_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"68D0EA02-C8A4-4683-A4FE-8AF2E72FD346"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6230:-:*:*:*:*:*:*:*","matchCriteriaId":"0A64CB0E-0E96-4A3E-A091-8CA769393C7E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6230n_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8AC959F6-9671-44C7-B055-5F0E1263350D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6230n:-:*:*:*:*:*:*:*","matchCriteriaId":"984EA8D2-9D83-45A1-824D-BF9082896F4C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6230t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"52793911-3034-4084-940B-7C721EEF725F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6230t:-:*:*:*:*:*:*:*","matchCriteriaId":"57357F28-5263-4F70-A193-BC7FE4DF1CE8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6234_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"967259F1-4DC9-49FC-BBA3-FF37A74A988D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6234:-:*:*:*:*:*:*:*","matchCriteriaId":"668A4B4F-9C05-4284-AB45-A4A5B5D2FBAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6238_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9FC0D948-631F-494B-AB35-8A0966ABA4CF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6238:-:*:*:*:*:*:*:*","matchCriteriaId":"6FA293C8-DFD0-4AEF-AFC6-02A61C7CAD33"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6238l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E2884D7D-A9A0-4F74-A34C-00B754547474"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6238l:-:*:*:*:*:*:*:*","matchCriteriaId":"D5697841-097A-4C8A-B07F-B411EDB2D38F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6238m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A10F05D5-1AE7-400A-AC7A-F00AA1AFA6F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6238m:-:*:*:*:*:*:*:*","matchCriteriaId":"745950EF-ED9F-4FF1-9714-2CE8AA4CDF07"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6238t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"58D2A705-571E-45B8-AF09-7647C29D2A9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6238t:-:*:*:*:*:*:*:*","matchCriteriaId":"BDEE8054-5683-4DF1-A58C-2638E6708CA8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6240_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1F10DB4A-744B-4C6C-A7A6-2CF182F13963"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6240:-:*:*:*:*:*:*:*","matchCriteriaId":"C82B8484-1FEE-444B-B422-2AADDCA8C4D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6240l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"17636B30-24E1-4C3B-85B0-D1FCF32B3DA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6240l:-:*:*:*:*:*:*:*","matchCriteriaId":"12FB8906-F4E5-41E7-9CD4-CFC80BE41020"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6240m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D3B3D30A-37A7-4B51-9050-7E1EA3CB9ABA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6240m:-:*:*:*:*:*:*:*","matchCriteriaId":"67CE28D3-108E-4811-9480-FCC1B95FE132"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6240y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"000F0EDB-370A-483C-B428-288CAAF6261B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6240y:-:*:*:*:*:*:*:*","matchCriteriaId":"E1D1EA80-08AB-4C6C-A8E8-8C6B7C3B4CE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6242_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFFCE38-6325-4466-9871-F40390B4E54D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6242:-:*:*:*:*:*:*:*","matchCriteriaId":"3A80346B-12C4-468C-8E87-049269C732C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6244_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AEF0DD92-E739-4AE1-8E51-83E2A27E0DF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6244:-:*:*:*:*:*:*:*","matchCriteriaId":"75DBCDC5-1388-43A9-AF8E-BE6A05DEFC81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6246_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0B29865B-EC51-4164-8F5E-05289CA0D198"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6246:-:*:*:*:*:*:*:*","matchCriteriaId":"7ECB174B-B235-4D26-9FFA-233AFE428A82"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6248_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"03907542-C9AE-4E0B-A3F2-58D300D62A22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6248:-:*:*:*:*:*:*:*","matchCriteriaId":"CBB5BBDE-E5E2-474A-94FC-3CBF14A61D2F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6252_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"51FD732F-F5D3-4DBE-AEF4-4C2B2784D68F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6252:-:*:*:*:*:*:*:*","matchCriteriaId":"9D9451F2-04B7-4C1F-83F8-2766A866E401"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6252n_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4A8846E0-BA7A-4426-A5D9-E91B01C00236"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6252n:-:*:*:*:*:*:*:*","matchCriteriaId":"92783A72-5A43-470F-A402-0ACC21722E73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6254_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F6339774-DD97-4D95-A12D-7A9CA2659F92"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6254:-:*:*:*:*:*:*:*","matchCriteriaId":"23EDBF24-8D46-4006-A690-D79428DCFB44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_6262v_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B182CE6B-50DA-41FC-89CB-D74A0BBD2B68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_6262v:-:*:*:*:*:*:*:*","matchCriteriaId":"7A459FF4-07AC-49C7-B7CA-AF97A997F3C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4208_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"41DE84DE-214E-4125-93C5-DB1E4291EA6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4208:-:*:*:*:*:*:*:*","matchCriteriaId":"8EF69471-E209-4C2C-8ECD-D6231B9069A7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4208r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4DF7E7AA-39C9-4006-814E-FE3AAFCB25C1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4208r:-:*:*:*:*:*:*:*","matchCriteriaId":"A155856F-F279-4095-AF87-268BB90AA9D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4209t_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3B7DCE4E-3195-4228-9491-C3374F0A610E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4209t:-:*:*:*:*:*:*:*","matchCriteriaId":"3732AE58-8496-4314-86E2-B8039BF1B1C8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4210_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D8CC38C7-FD58-445C-BF21-6DA485E10E75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4210:-:*:*:*:*:*:*:*","matchCriteriaId":"A2F83818-64D0-4219-8DEB-716F0614B842"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4210r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BE8AD5AC-7CED-4C57-83CB-CAF5FB891F5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4210r:-:*:*:*:*:*:*:*","matchCriteriaId":"F8DBEAE8-0313-40DA-9C81-EDD14A16D2D4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4214_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BDF2252C-624F-456A-A73F-3EEF6901F3AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4214:-:*:*:*:*:*:*:*","matchCriteriaId":"F6F6A060-985A-4357-AF1B-79E22D20F01E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4214c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B9298728-1039-44E0-8364-0BA535D8439A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4214c:-:*:*:*:*:*:*:*","matchCriteriaId":"8CCEAF57-5F6C-4EE7-A256-FC93C493CA46"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4214r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0392E515-7C04-4003-BC42-0674E55B97FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4214r:-:*:*:*:*:*:*:*","matchCriteriaId":"22A52E84-1D29-400A-AD48-0C126D5F2362"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4214y_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"65E5E40A-84C0-4C47-9BCB-12038D8F18D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4214y:-:*:*:*:*:*:*:*","matchCriteriaId":"472453F1-923B-4BAC-A424-23660A850ADD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4215_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"07862A92-E3A0-4482-AF95-E8EA22F6B00E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4215:-:*:*:*:*:*:*:*","matchCriteriaId":"44179A12-7879-4BC7-86E8-7CC74DD0B6F2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4216_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4416A15B-1B14-4C3F-BC84-CB90B93CF254"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4216:-:*:*:*:*:*:*:*","matchCriteriaId":"6E70BE52-A032-44BE-B492-8890AC5A634E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_4216r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B14C3F2C-A5FD-4106-8D05-9AC52B70A30C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_4216r:-:*:*:*:*:*:*:*","matchCriteriaId":"12EF1D06-814A-4F46-AAA3-A04B1C54FE78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_3204_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF093B50-2F3C-4B20-9F3D-66CD306B1F4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_3204:-:*:*:*:*:*:*:*","matchCriteriaId":"B8A7CA0D-9DB0-4905-B65A-52F731B33904"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_3206r_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"990CA598-5320-49F8-8307-B482E8A87F82"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_3206r:-:*:*:*:*:*:*:*","matchCriteriaId":"4F262205-C8F7-4BBC-9062-24B64AA9D386"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3275m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2550330E-3A54-45BD-8B2F-8CD8D5561DA1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3275m:-:*:*:*:*:*:*:*","matchCriteriaId":"F693457C-3529-4E62-A672-1B862F235D0F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3275_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"25CC3D78-CE53-4ADF-9D6B-73255508FCDA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3275:-:*:*:*:*:*:*:*","matchCriteriaId":"AE519C62-F5BB-461C-91EF-2979CD506C63"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3265m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6E23B39A-513F-4388-8F28-C711414E2BF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3265m:-:*:*:*:*:*:*:*","matchCriteriaId":"020B6FED-EAE2-478C-8FF4-CB75F24E9A9D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3265_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"97A8F5B9-B820-4E84-9863-FF734DE45B9E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3265:-:*:*:*:*:*:*:*","matchCriteriaId":"2215D655-0EA9-4530-AB68-7B1C7360D692"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3245m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93849DA1-D6A5-4FA2-99F1-D8AD3B4DE8CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3245m:-:*:*:*:*:*:*:*","matchCriteriaId":"35380FB9-90FF-405F-8E2E-01C1DD209540"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3245_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A054F0CE-BD0C-4E56-9EBA-79A113FCA659"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3245:-:*:*:*:*:*:*:*","matchCriteriaId":"DF9E723E-1095-424E-A90D-380CA0D2795E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3235_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AF1FA2A8-5000-4E03-B659-1112C4EAA1A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3235:-:*:*:*:*:*:*:*","matchCriteriaId":"C39B6A99-7060-4011-8FA3-E5ABE5C02813"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3225_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D53DDDB1-DA94-4BC2-A934-4FFE55F0D1E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3225:-:*:*:*:*:*:*:*","matchCriteriaId":"3ECEBDB0-2E0A-416B-9737-82C1FC65A06C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-3223_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8F619828-436D-4A0B-84F6-968893B96710"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-3223:-:*:*:*:*:*:*:*","matchCriteriaId":"ADA1FA19-A836-4D6A-8C2D-718ECE6866D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2295_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"87F3E569-3A87-4D31-B80A-E0FD74B25AFE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2295:-:*:*:*:*:*:*:*","matchCriteriaId":"D1340A29-3428-4FAD-AA07-7F625915E34D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2275_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"21189344-DC9C-4DAD-A33A-C0A9004BFD4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2275:-:*:*:*:*:*:*:*","matchCriteriaId":"750A77C5-1367-4E04-9ABF-1AB2D46C29C6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2265_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8EF592A6-20F6-4220-8A9C-282F21EBCBF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2265:-:*:*:*:*:*:*:*","matchCriteriaId":"C6D23470-A702-426D-A63C-4F7BAC158762"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2255_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D0A0072-4ECD-4F88-8BA5-8BDB026F95B2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2255:-:*:*:*:*:*:*:*","matchCriteriaId":"2ADF328B-D286-4C36-9F21-11A58D55D03A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2245_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"42A4C795-500D-4B83-8DC5-327E011BA7E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2245:-:*:*:*:*:*:*:*","matchCriteriaId":"D132291B-AADD-49E3-ADD6-333E1F1D8DFE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2235_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5E8852E4-C6AF-41D1-AF12-646B06C99600"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2235:-:*:*:*:*:*:*:*","matchCriteriaId":"AC75E5CF-4241-45A8-AD45-1F7F077CEEA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2225_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"32D47430-800D-43F5-AA6E-8852969BEFAB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2225:-:*:*:*:*:*:*:*","matchCriteriaId":"0CD8EE0E-2BA3-49DD-91D1-81AB67F16475"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_w-2223_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2D44FD82-EEBB-4388-B346-EB29B852F2EA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_w-2223:-:*:*:*:*:*:*:*","matchCriteriaId":"708D6E00-A2E5-4B08-88E7-C872ACFC341D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i9-9980hk_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD455EBB-69AE-464A-93AA-13227FBD17E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i9-9980hk:-:*:*:*:*:*:*:*","matchCriteriaId":"A48A2969-DC53-48E2-A5CA-4DF2B00D1960"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i9-9880h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F9A727A1-219F-4B78-B490-0E47340B38F3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i9-9880h:-:*:*:*:*:*:*:*","matchCriteriaId":"659206BB-510A-47F8-8B6E-FD030A6BE1DA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-9850h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB8CB49-D52E-4C92-9CD5-465615916213"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-9850h:-:*:*:*:*:*:*:*","matchCriteriaId":"4D0320CB-05E3-4D5B-BCEF-D862566B0AA2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-9750hf_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"455BC769-5B19-4B91-844B-15B4FB2401E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-9750hf:-:*:*:*:*:*:*:*","matchCriteriaId":"31CD303F-AAE9-4635-987D-742031232BDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-9400h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D95AB3F9-7B28-46F8-8882-4976DBBCC767"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-9400h:-:*:*:*:*:*:*:*","matchCriteriaId":"85F465BF-4548-45EB-AC40-384F4E6248EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-9300h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37E9BA09-E255-438E-9938-3F51A78A3331"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-9300h:-:*:*:*:*:*:*:*","matchCriteriaId":"9A735A90-47E1-44C6-AE76-F6C7FFDCD4D0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i9-9900k_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BA036BD6-38AF-4763-9B84-8CD7019BF262"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*","matchCriteriaId":"7C3257F5-CA55-4F35-9D09-5B85253DE786"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i9-9900kf_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD9D4C3C-BD9C-4AF1-92BF-127D9A6B7B44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i9-9900kf:-:*:*:*:*:*:*:*","matchCriteriaId":"B6F8CEA0-1CD6-4F17-85E3-C1CB04D9833A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-9700k_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6CCE2EBC-82FE-49AB-857B-403C7ACE5091"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-9700k:-:*:*:*:*:*:*:*","matchCriteriaId":"1FB0C1DA-60C6-4C9E-99D6-7A47696DACD8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-9700kf_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1163CF40-4D70-4965-8229-B102D754ECD2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-9700kf:-:*:*:*:*:*:*:*","matchCriteriaId":"F2EB81B1-7DEF-4CC3-ADC9-A4CB1042E406"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-9600k_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B26CE379-73B5-4E3C-B0B2-7550A3A670BC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-9600k:-:*:*:*:*:*:*:*","matchCriteriaId":"B1DFFFEB-CC63-4F51-8828-C5D4E0287264"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-9600kf_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"79F5E016-5AB5-4DB5-BDB0-75AE14253413"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-9600kf:-:*:*:*:*:*:*:*","matchCriteriaId":"B176D141-26B0-477E-B2DB-2E48D6FB82AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-9400_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8AA0AF35-BED8-41EC-831A-57CFA7A5F0D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-9400:-:*:*:*:*:*:*:*","matchCriteriaId":"8AC9F52F-6669-459A-A0A9-8F472E1F2761"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-9400f_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EC4DDD41-51CD-40FF-BCB0-29D559C1CAD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-9400f:-:*:*:*:*:*:*:*","matchCriteriaId":"A7E91B92-4DB7-4866-8370-C6F8616D3D81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_e-2288g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3540784A-1B0B-41EE-AB66-A293AC400C39"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_e-2288g:-:*:*:*:*:*:*:*","matchCriteriaId":"5EA930BC-EF68-4AD5-AA1B-0659358028D5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_e-2286m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"39616E34-9182-485B-B6AE-566DE2E77AA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_e-2286m:-:*:*:*:*:*:*:*","matchCriteriaId":"556637E1-9502-41E7-B91D-082C92F233A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_e-2278gel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F68C14E0-5711-4D18-B529-AA0EE3BDC99C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_e-2278gel:-:*:*:*:*:*:*:*","matchCriteriaId":"60B582A1-784C-4BE8-A0D5-706DE01D769E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_e-2278ge_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0DFD79A0-2F24-484C-AD4A-D58B7414788E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_e-2278ge:-:*:*:*:*:*:*:*","matchCriteriaId":"00912C9C-D386-445E-B390-E96361ECDFA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:xeon_e-2278g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C02909B-E06F-4786-ABB9-ACF5D9C5E4D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xeon_e-2278g:-:*:*:*:*:*:*:*","matchCriteriaId":"63650DBF-4DBD-4655-AE93-5CBE53F8E0FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-10510u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0D449326-502E-488D-9933-863B9CF997FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-10510u:-:*:*:*:*:*:*:*","matchCriteriaId":"494A828B-F2BF-40CA-AAFB-7D2AF2BAF3AA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-10210u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"16920A34-D1CE-4F1A-BCF7-045E3B3AA9AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-10210u:-:*:*:*:*:*:*:*","matchCriteriaId":"71615EAF-4DF4-4B9E-BF34-6ED0371A53D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:pentium_6405u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3408FB7-9D72-4FC2-8E54-5248B6722755"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:pentium_6405u:-:*:*:*:*:*:*:*","matchCriteriaId":"65FEB59A-6AF4-4E64-8BE9-437178D1EA0B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:celeron_5305u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C2F8F8B9-FBAC-43AE-AB18-86FF0A2C5DA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:celeron_5305u:-:*:*:*:*:*:*:*","matchCriteriaId":"39831D4E-743A-4C09-900F-24DDAB5D1B22"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-8565u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"50E893B9-92D2-4EA9-BDC6-0E73CA4EE484"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-8565u:-:*:*:*:*:*:*:*","matchCriteriaId":"F41025AC-6EFE-4562-B1D1-BAB004875B06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i7-8665u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7DF86B5D-4B93-4DFA-945E-723F49D90F1C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i7-8665u:-:*:*:*:*:*:*:*","matchCriteriaId":"34DD3CCB-91D5-48D6-80BC-CA643385BCE4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-8365u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"78DB74AB-9D98-40B0-9715-EF934125C228"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-8365u:-:*:*:*:*:*:*:*","matchCriteriaId":"C9054F35-AAB5-481E-B512-EDF4C3F2EA2F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:intel:core_i5-8265u_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A7001A74-CFF9-4CBB-A72B-E476C22ADF07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:core_i5-8265u:-:*:*:*:*:*:*:*","matchCriteriaId":"6D3E166F-3D9F-4D0D-924A-147883598EA3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*","matchCriteriaId":"93A089E2-D66E-455C-969A-3140D991BAF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:*","matchCriteriaId":"445D0C8B-E07B-4F58-9F88-D5B244DAF41B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"860EA789-CC44-409C-882D-4FC4CAB42912"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"B399239A-5211-4174-9A47-A71DBA786426"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"8BE16CC2-C6B4-4B73-98A1-F28475A92F49"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:virtualization_manager:4.2:*:*:*:*:*:*:*","matchCriteriaId":"E938A8EB-68FE-427B-B67E-C880FBF54BBE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","matchCriteriaId":"92BC9265-6959-4D37-BE5E-8C45E98992F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"831F0F47-3565-4763-B16F-C87B1FF2035E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"0E3F09B5-569F-4C58-9FCA-3C0953D107B5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"6C3741B8-851F-475D-B428-523F4F722350"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"6897676D-53F9-45B3-B27F-7FF9A4C58D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"E28F226A-CBC7-4A32-BE58-398FA5B42481"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"76C24D94-834A-4E9D-8F73-624AFA99AAA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"B09ACF2D-D83F-4A86-8185-9569605D8EE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"AC10D919-57FD-4725-B8D2-39ECB476902F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"1272DF03-7674-4BD4-8E64-94004B195448"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","matchCriteriaId":"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","source":"secure@intel.com","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2019/12/10/3","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/12/10/4","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/12/11/1","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3936","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0026","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0028","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0204","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0279","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0366","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0555","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0666","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0730","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10306","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","source":"secure@intel.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","source":"secure@intel.com"},{"url":"https://seclists.org/bugtraq/2019/Dec/28","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Nov/26","source":"secure@intel.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2020/Jan/21","source":"secure@intel.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202003-56","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://support.f5.com/csp/article/K02912734?utm_source=f5support&amp%3Butm_medium=RSS","source":"secure@intel.com"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4186-2/","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4602","source":"secure@intel.com","tags":["Third Party Advisory"]},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html","source":"secure@intel.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"secure@intel.com","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2019/12/10/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/12/10/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/12/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3936","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0026","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0204","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0555","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0666","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10306","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/bugtraq/2019/Dec/28","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Nov/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2020/Jan/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202003-56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.f5.com/csp/article/K02912734?utm_source=f5support&amp%3Butm_medium=RSS","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4186-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4602","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-6852","sourceIdentifier":"cybersecurity@se.com","published":"2019-11-20T22:15:12.030","lastModified":"2026-05-28T20:16:19.880","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."},{"lang":"es","value":"Una CWE-200: Se presenta una vulnerabilidad de Exposición de Información en los Controladores Modicon (CPU M340, módulos de comunicación M340, CPU Premium, módulos de comunicación Premium, CPU Quantum, módulos de comunicación Quantum; consulte la notificación de seguridad para versiones específicas), lo que podría causar una divulgación de credenciales embebidas en FTP cuando se utiliza el servidor web del controlador en una red no segura."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"14850FBA-6534-47DB-963A-9D1973CD743E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*","matchCriteriaId":"31641D9C-5A26-4632-AF77-DF0596027EBF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"357C2EC3-AF99-4C28-9F25-7535B6279039"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*","matchCriteriaId":"2E25BD42-AEA0-4834-8EF6-A030F34F3C0E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"245BC693-0C80-433D-B966-7EEC40BDF4B2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*","matchCriteriaId":"8F06E131-2AAE-4A34-AA96-A4828C01E9FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"0A897B7E-4CBC-48F5-BAF0-D127A73E287C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*","matchCriteriaId":"790F8548-142B-4F0E-9A1E-B4570DA76917"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"0194B54A-6A29-4539-8BD3-0A0CCC04DB59"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*","matchCriteriaId":"1556D664-D4CF-4B0E-A2AD-262B511F1FBF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"2B550F75-2542-4DED-A588-3D7783652B8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*","matchCriteriaId":"E63E90D7-795C-4B98-91D5-BD11DCA34AFA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3C678406-4896-4209-B75C-49D4A946DBF1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*","matchCriteriaId":"BF08312C-4614-4FE1-AE24-21E1F6E6D3BF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"6090B04C-F4C2-4261-896A-F70019DCD5BC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*","matchCriteriaId":"22AB350E-16AF-433A-A4B6-409DE325B63D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"7B735DC2-F3B6-4F16-9747-665466B43EC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*","matchCriteriaId":"65ED8C96-0B54-4BB6-BFD6-71D54905C517"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"6EDC7834-486B-4B72-A18D-C6B900F7D090"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F4A0D3-FD4D-47E9-B4A6-C78348464907"}]}]}],"references":[{"url":"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/","source":"cybersecurity@se.com","tags":["Not Applicable","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2019-13721","sourceIdentifier":"chrome-cve-admin@google.com","published":"2019-11-25T15:15:33.963","lastModified":"2026-05-28T19:16:30.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"Un uso de la memoria previamente liberada en PDFium en Google Chrome versiones anteriores a 78.0.3904.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"78.0.3904.87","matchCriteriaId":"ECD9EE0F-00A6-4AE5-807C-9416801B515E"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/1013868","source":"chrome-cve-admin@google.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/1013868","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-19378","sourceIdentifier":"cve@mitre.org","published":"2019-11-29T17:15:11.840","lastModified":"2026-05-28T19:16:34.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c."},{"lang":"es","value":"En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs diseñada puede conllevar a un acceso de escritura fuera de límites en la función index_rbio_pages en el archivo fs/btrfs/raid56.c."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*","matchCriteriaId":"38A8931B-87F4-4F2A-87CE-AB8DD402BE9F"}]}]}],"references":[{"url":"https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200103-0001/","source":"cve@mitre.org"},{"url":"https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200103-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-17571","sourceIdentifier":"security@apache.org","published":"2019-12-20T17:15:11.893","lastModified":"2026-05-28T19:16:31.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17."},{"lang":"es","value":"Incluido en Log4j versión 1.2 existe una clase SocketServer que es vulnerable a la deserialización de datos no confiables, que pueden ser explotada para ejecutar código arbitrario  remotamente cuando se combina con un dispositivo de deserialización al escuchar el tráfico de red no confiable para datos de registro. Esto afecta a Log4j versiones desde 1.2 hasta 1.2.17."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.17","matchCriteriaId":"362179E0-FF81-4DED-B456-552615222A8C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.1.3","matchCriteriaId":"B9273745-6408-4CD3-94E8-9385D4F5FE69"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A125E817-F974-4509-872C-B71933F42AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.2","versionEndIncluding":"7.3.6","matchCriteriaId":"ABD748C9-24F6-4739-9772-208B98616EE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"9D03A8C9-35A5-4B75-9711-7A4A60457307"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.8.0","matchCriteriaId":"2959030B-A9B7-4423-A2E8-9352FC83C4A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*","matchCriteriaId":"317CA916-61F3-4E24-B42F-610A1C88A5BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.29","matchCriteriaId":"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.2","versionEndIncluding":"16.2.11","matchCriteriaId":"1CB8F81A-D028-4258-9A4F-ADEE25BE95FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.12.0","versionEndIncluding":"17.12.7","matchCriteriaId":"E4AA3854-C9FD-4287-85A0-EE7907D1E1ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*","matchCriteriaId":"19A0F1AF-F2E6-44E7-8E2D-190E103B72D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*","matchCriteriaId":"6D53690D-3390-4A27-988A-709CD89DD05B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*","matchCriteriaId":"4E306B67-E1BD-4A67-A77D-A7DC72D5B957"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*","matchCriteriaId":"378A6656-252B-4929-83EA-BC107FDFD357"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*","matchCriteriaId":"363395FA-C296-4B2B-9D6F-BCB8DBE6FACE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*","matchCriteriaId":"F62A2144-5EF8-4319-B8C2-D7975F51E5FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B40B13B7-68B3-4510-968C-6A730EB46462"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C93CC705-1F8C-4870-99E6-14BF264C3811"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F14A818F-AA16-4438-A3E4-E64C9287AC66"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"04BCDC24-4A21-473C-8733-0D9CFB38A752"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.3","matchCriteriaId":"8AF2C94A-428B-47AF-B0A5-09EFB109941C"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3Cusers.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3Cuser.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3Clog4j-user.logging.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3Ccommits.druid.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3Cdev.jena.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3Cpluto-dev.portals.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3Cdev.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3Ccommits.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d%40%3Ccommon-dev.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3Cdev.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3Cnotifications.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3Cdev.tinkerpop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3Cissues.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3Ccommon-issues.hadoop.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3Cpluto-dev.portals.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3Cpluto-scm.portals.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3Cnotifications.zookeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3Cpluto-dev.portals.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3Cjira.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3Cissues.bookkeeper.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200110-0001/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4495-1/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4686","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3Cusers.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3Cuser.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3Clog4j-user.logging.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3Ccommits.druid.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3Cdev.jena.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3Cpluto-dev.portals.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3Cdev.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3Ccommits.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d%40%3Ccommon-dev.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3Cdev.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3Cnotifications.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3Cdev.tinkerpop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3Cissues.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3Ccommon-issues.hadoop.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3Cpluto-dev.portals.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3Ccommits.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3Cpluto-scm.portals.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3Cnotifications.zookeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3Cpluto-dev.portals.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3Cjira.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200110-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4495-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4686","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-7477","sourceIdentifier":"cybersecurity@se.com","published":"2020-03-23T20:15:12.230","lastModified":"2026-05-28T21:16:26.807","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus."},{"lang":"es","value":"Una CWE-754: Se presenta una vulnerabilidad Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el módulo Quantum Ethernet Network 140NOE771x1 (Versiones 7.0 y anteriores), procesadores Quantum con Ethernet integrado - 140CPU65xxxxx (todas las Versiones) y procesadores Premium con Ethernet integrado (todas las Versiones), lo que podría causar una Denegación de servicio al enviar un comando especialmente diseñado sobre Modbus."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noe77101_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0","matchCriteriaId":"5BBD41A9-D8AD-4DDE-88F3-B182E9DF527A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noe77101:-:*:*:*:*:*:*:*","matchCriteriaId":"DBA60BB0-1725-45E7-9191-0D300EB05082"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0","matchCriteriaId":"D7044736-5FE7-427E-9933-201FB3864A0E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*","matchCriteriaId":"7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"03DE0D33-EB6F-47E6-BDFC-60AE40B6F585"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*","matchCriteriaId":"8B57B894-5AA4-4412-B425-7338CB2FFA3C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5B475AAF-5C7A-423A-938B-FF74C2D58282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*","matchCriteriaId":"C1F56BA4-6A19-44FB-8555-7360C77F83AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"97308761-4337-47F6-94F2-EC522AC518BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp576634m_:-:*:*:*:*:*:*:*","matchCriteriaId":"7F683564-419D-418B-A4D5-BB203F709DD7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9DB2158C-7A06-40F6-8262-E6D6B57C8F28"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*","matchCriteriaId":"5572E616-5D86-46FF-AEA7-4A12E66F0ED4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"FBC3C419-7110-415D-937F-5D45EC3F004C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*","matchCriteriaId":"57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"30F1E476-CB01-45B1-B6B0-3CC128335724"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*","matchCriteriaId":"CC537593-1AB7-438E-AB71-EDB469A1DFF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"97DCF441-ECDE-447C-A7FE-1C24F88E731C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FE60505D-0211-4E8C-B32C-988E25698B1E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"A68B9A93-214C-4438-AD41-67567A55FA68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*","matchCriteriaId":"80500883-2825-46DD-8ED9-4F324A4494CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"B525CDB6-2B83-45BD-8C8A-FDF047A3CD35"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*","matchCriteriaId":"B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"4C13CD97-D5D1-4CD9-A4F4-E20F2A467A3B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*","matchCriteriaId":"57B75D71-11CA-4DDF-849A-08A9D84C95AC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8BE4DCA8-BC70-49FF-A9DF-9CB765BA988B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EA2094F4-976F-44FA-A7E5-93E20A80DA00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3EF98525-6247-4851-992E-2DC8C6289756"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*","matchCriteriaId":"0E25651C-E4B5-47A2-A6CE-79F7ECAE246E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8343247E-6A03-4786-933C-5ABE1CDEA6CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*","matchCriteriaId":"31A5DCC8-9E3D-4919-9DE3-73FC8733E73D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"24AA6AD6-CB6E-41BA-962C-06617383861A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*","matchCriteriaId":"5CC8F0AB-C4A8-40B3-88E0-92F52EA05692"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"08174753-EE13-43FA-A570-BAEC87A861BE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*","matchCriteriaId":"587226C6-6BE2-4A42-B593-34498F647B24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8048EA69-8FC8-4415-BA20-D2813F8BD83D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"EC3E5496-C3D0-4DF4-A9AF-F227F889840E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5CD78FFA-3F5F-43DA-979D-42B0673C36D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9AB1DB30-D2E6-49C9-9140-09B9F331D257"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7304B0-EE18-454B-B3F0-5EF387285D90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8C5F7FC8-CA35-476E-A302-12FF21F3394C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8FF5FB95-4A51-4E92-B1AA-BA52C1E600D2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67060:-:*:*:*:*:*:*:*","matchCriteriaId":"8AF2A7A3-89EF-480D-8E6E-20E11CF60A97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"88CF4155-F52E-43C6-A227-17833C585B14"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*","matchCriteriaId":"3870E952-7A32-43DA-8C66-DE43C862639B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8C5F7FC8-CA35-476E-A302-12FF21F3394C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"83B90A1C-1273-40CF-9051-5A83418BC03F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*","matchCriteriaId":"C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9BD1061C-2DED-42E8-8B53-9BE8B4643A39"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*","matchCriteriaId":"9B8230FD-0C0A-467C-9BAD-09257739D462"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"EECFF950-0AD8-439C-A0E0-898EC4BBFB07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*","matchCriteriaId":"CF97B5A6-960F-42BA-A397-09C819A3200C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F32298B8-D999-43E8-BEEF-7680A0D67F80"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*","matchCriteriaId":"95E48F27-F241-4491-AFF7-8BD562F21A52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"4CE373AE-04E2-456E-A59E-5DAD7227D74A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*","matchCriteriaId":"71C1C17A-9111-49B8-A2CE-3A2FB87616F1"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-070-02/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-070-02/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-7488","sourceIdentifier":"cybersecurity@se.com","published":"2020-04-22T19:15:11.717","lastModified":"2026-05-28T21:16:27.067","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers."},{"lang":"es","value":"CWE-319: Hay una vulnerabilidad de Transmisión de  Información Confidencial en Texto Sin Cifrar que podría filtrar información confidencial transmitida entre el software y los controladores Modicon M218, M241, M251 y M258."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:*:*:*:*:*:*:*:*","matchCriteriaId":"E30E4E9A-2FD2-4F8E-B9EE-7771CEB93094"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*","matchCriteriaId":"29636208-D72F-493A-A94A-A230AEA8733C"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*","matchCriteriaId":"D458B41F-DE55-4E06-97FA-E2F7A71C2EAF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m218_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"59FFF30B-4201-41F0-AAFE-7A8D619805A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m218:-:*:*:*:*:*:*:*","matchCriteriaId":"852DBDD1-E960-4D87-9F77-8B8CB94222BB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"363D8E9E-0169-472F-A891-EF2E7D329EA2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*","matchCriteriaId":"4D8FD9D9-F59F-470E-9F7F-CDDD80B0633C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"FB11232E-0DC2-436F-985A-94BCE6A4F6D4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*","matchCriteriaId":"B8E03A25-B0B6-4BA2-80BC-52C16A6837E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"686716B7-1C82-483C-A62F-A33F7C5BF32F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*","matchCriteriaId":"FFBF6514-3E32-4C8E-81BA-D6464824351F"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-105-02","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-105-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-7489","sourceIdentifier":"cybersecurity@se.com","published":"2020-04-22T19:15:11.777","lastModified":"2026-05-28T21:16:27.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller."},{"lang":"es","value":"A CWE-74: Hay una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales en una Salida Utilizada por un Componente Descendente ('Injection') en el software de programación EcoStruxure Machine Expert – Basic o SoMachine Basic (versiones en notificación de seguridad). El resultado de esta vulnerabilidad, la sustitución de la DLL, que podría permitir la transferencia de código malicioso al controlador."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_machine_expert:*:*:*:*:*:*:*:*","matchCriteriaId":"E30E4E9A-2FD2-4F8E-B9EE-7771CEB93094"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*","matchCriteriaId":"2BCEA269-6242-41FD-B141-F72CAFC8F114"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"817B5BC0-1368-4E03-994D-DECDC0B48F0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*","matchCriteriaId":"3FDBB3F0-20B6-4585-AEA1-F732C83AA791"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"802A6F54-4630-4434-A9DA-FCE7634F7C73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*","matchCriteriaId":"A184ABF9-9C27-46AB-88DB-78246FC779AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"97963104-B620-4AE1-BD6C-7BF714497F78"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-105-01","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-105-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-15368","sourceIdentifier":"cve@mitre.org","published":"2020-06-29T21:15:13.917","lastModified":"2026-05-28T21:16:24.623","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3."},{"lang":"es","value":"La biblioteca AsrDrv103.sys en el ASRock RGB Driver no restringe apropiadamente el acceso desde el espacio de usuario, como es demostrado al desencadenar un fallo triple por medio de una petición de cero CR3"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asrock:rgb_driver_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"307D23D4-91A6-416D-9714-CD44FB8051D2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asrock:rgb_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"FD3312B9-78C8-4AD3-BCDF-B78704471D98"}]}]}],"references":[{"url":"https://codetector.org/post/asrock_rgb_driver/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/stong/CVE-2020-15368?tab=readme-ov-file","source":"cve@mitre.org"},{"url":"https://codetector.org/post/asrock_rgb_driver/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/stong/CVE-2020-15368?tab=readme-ov-file","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2020-28210","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-19T21:15:12.277","lastModified":"2026-05-28T21:16:26.213","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser."},{"lang":"es","value":"Se presenta una vulnerabilidad de Neutralización Inapropiada de la Entrada Durante la Generación de Páginas Web CWE-79 (Cross-site Scripting) en EcoStruxure Building Operation WebStation versiones V2.0 - V3.1, que podría hacer que un atacante inyecte código HTML y JavaScript en el navegador del usuario"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_building_operation:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0","versionEndIncluding":"3.1","matchCriteriaId":"C6245CC6-6583-4D2F-AB15-84D42A287B61"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-04/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-04/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-28209","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-19T22:15:13.287","lastModified":"2026-05-28T21:16:25.990","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location."},{"lang":"es","value":"Se presenta una vulnerabilidad de Ruta de Búsqueda sin Comillas de Windows CWE-428 en el instalador de EcoStruxure Building Operation Enterprise Server versiones V1.9 - V3.1 y el instalador de Enterprise Central versiones V2.0 - V3.1 que podría causar que cualquier usuario de Windows local que tenga permiso de escritura en al menos uno de las subcarpetas de la ruta binaria del servicio Connect Agent, sea capaz de alcanzar el privilegio del usuario que inició el servicio.&#xa0;Por defecto, Enterprise Server y Enterprise Central siempre se instalan en una ubicación que requiere privilegios de administrador, por lo que la vulnerabilidad solo es válida si la aplicación se ha instalado en una ubicación no segura"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:enterprise_server_installer:*:*:*:*:*:*:*:*","versionStartIncluding":"1.9","versionEndIncluding":"3.1","matchCriteriaId":"B28FFE82-8B00-4D0F-94AA-6C498EBCE363"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-04/","source":"cybersecurity@se.com","tags":["Patch","Product","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-04/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Product","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-28214","sourceIdentifier":"cybersecurity@se.com","published":"2020-12-11T01:15:11.407","lastModified":"2026-05-28T21:16:26.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide."},{"lang":"es","value":"Una CWE-760: Una vulnerabilidad de un Uso de Hash Unidireccional con una Sal Predecible se presenta en Modicon M221 (todas las referencias, todas las versiones), que podría permitir a un atacante precalcular el valor del hash utilizando una técnica de ataque de diccionario tal y como tablas de arco iris, deshabilitando efectivamente la protección que una sal impredecible podría proporcionar"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-760"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"97963104-B620-4AE1-BD6C-7BF714497F78"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","source":"cybersecurity@se.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-28220","sourceIdentifier":"cybersecurity@se.com","published":"2020-12-11T01:15:11.940","lastModified":"2026-05-28T21:16:26.607","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified."},{"lang":"es","value":"Una CWE-119: Se presenta una vulnerabilidad Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Modicon M258 Firmware (todas las versiones anteriores a V5.0.4.11) y el software SoMachine/SoMachine Motion (todas las versiones), que podría causar un desbordamiento del búfer cuando la longitud de un archivo transferido al servidor web no es verificado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:P/I:P/A:P","baseScore":5.2,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":5.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.4.11","matchCriteriaId":"33239FF5-5E5D-45E8-932B-DA50AA8744E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*","matchCriteriaId":"FFBF6514-3E32-4C8E-81BA-D6464824351F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*","matchCriteriaId":"29636208-D72F-493A-A94A-A230AEA8733C"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine_motion:*:*:*:*:*:*:*:*","matchCriteriaId":"D458B41F-DE55-4E06-97FA-E2F7A71C2EAF"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-7549","sourceIdentifier":"cybersecurity@se.com","published":"2020-12-11T01:15:12.627","lastModified":"2026-05-28T22:16:57.820","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."},{"lang":"es","value":"Una CWE-754: Se presenta una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y Módulos de Comunicación asociados (consulte la notificación de seguridad para las versiones afectadas), que podría causar una denegación de servicios HTTP y FTP cuando una serie de peticiones especialmente diseñadas  a través de HTTP son enviadas hacia el controlador"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"C440362A-7E0E-497C-B275-409E9B57D8A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"B6ACCC66-4075-4EE9-A6BA-01EF7529C568"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*","matchCriteriaId":"6D150239-27E2-4CBE-A931-5107C15E362F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"FD031F4E-9F3C-4035-AFB8-B7442F1B2475"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*","matchCriteriaId":"98212CF5-BCF4-4A55-B62A-484569687B4E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*","matchCriteriaId":"D30336F0-EDCF-486C-B52E-D0C53BCDFC65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"E5481772-5E18-4985-A5E5-F7223B52A90B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"1A83CF92-F35F-416F-B571-CA5600BF671F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*","matchCriteriaId":"354968F7-C41B-4C21-8E47-81DC07DF0EA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.30","matchCriteriaId":"8E506AD9-C302-4D41-B971-46DE19AF83FB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*","matchCriteriaId":"32091F91-9397-4506-8801-C68B9E8B60F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4","matchCriteriaId":"4C045040-20CA-488D-A36D-A433754A33E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*","matchCriteriaId":"80FC6FF2-D662-4A57-AAA6-BC04351DC779"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6","matchCriteriaId":"1A33A381-6772-4137-A677-5F73EA398FF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*","matchCriteriaId":"98F3B055-8919-4E09-9827-288F0A03DAFF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"FEF0DA3B-F89B-487D-AAE6-AEA88E28055A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*","matchCriteriaId":"DF08654A-FFCB-47D3-AC82-DF7284548962"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"7.3","matchCriteriaId":"3FC49273-1C5D-4E0E-B484-0269CDA4E655"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*","matchCriteriaId":"7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D11C9B98-3119-41CF-8320-447E7E00977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*","matchCriteriaId":"1067FDEA-33BC-4AA9-AC5B-099BA757065B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1A62DEBF-6343-48BB-835C-64AE9D8F956A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*","matchCriteriaId":"876CE5BA-B45D-4FFD-8176-E26181DAC355"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8048EA69-8FC8-4415-BA20-D2813F8BD83D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"EC3E5496-C3D0-4DF4-A9AF-F227F889840E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"066E3E6C-8A0E-4360-A4ED-32A84B7647FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*","matchCriteriaId":"18B13865-038C-4073-955A-36E6F5037C2C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*","matchCriteriaId":"6A901BF2-9316-4067-9AFC-8A7CB3549F68"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C32BDE35-7AC6-44C3-8135-BAA128B44559"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*","matchCriteriaId":"76B1122A-56A2-44BB-8648-C6E96D1966D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*","matchCriteriaId":"A0678A50-FE23-49BD-A6CF-A7094EFDAFA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"23918D88-851B-480E-972E-EB48CAFA7AF4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*","matchCriteriaId":"38F83CCC-4A66-4D47-A563-777A16028F3B"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-06/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-06/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-3522","sourceIdentifier":"secalert@redhat.com","published":"2021-06-02T15:15:07.857","lastModified":"2026-05-28T20:16:20.743","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags."},{"lang":"es","value":"GStreamer versiones anteriores a 1.18.4, puede llevar a cabo una lectura fuera de límites al manejar determinadas etiquetas ID3v2"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18.4","matchCriteriaId":"52AA7D6C-FB55-4117-93C5-91EE2C840E50"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","matchCriteriaId":"B55E8D50-99B4-47EC-86F9-699B67D473CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.70.1","matchCriteriaId":"FF971916-C526-43A9-BD80-985BCC476569"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"0D9CC59D-6182-4B5E-96B5-226FCD343916"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*","matchCriteriaId":"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"A372B177-F740-4655-865C-31777A6E140B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*","matchCriteriaId":"26A2B713-7D6D-420A-93A4-E0D983C983DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*","matchCriteriaId":"56F2883B-6A1B-4081-8877-07AF3A73F6CD"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954761","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-31","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211022-0004/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954761","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-31","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211022-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-22897","sourceIdentifier":"support@hackerone.com","published":"2021-06-11T16:15:10.963","lastModified":"2026-05-28T21:16:27.513","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."},{"lang":"es","value":"curl versiones 7.61.0 hasta 7.76.1, sufre de exposición de un elemento de datos a una sesión equivocada debido a un error en el código para la función CURLOPT_SSL_CIPHER_LIST cuando libcurl es construído para usar la biblioteca TLS de Schannel. El ajuste de cifrado seleccionado se almacenaba en una única variable \"static\" en la biblioteca, lo que tiene el sorprendente efecto secundario de que si una aplicación establece múltiples transferencias concurrentes, la última que ajusta los cifrados controlará accidentalmente el ajuste usado por todas las transferencias. En el peor de los casos, esto debilita significativamente la seguridad del transporte"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-840"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.61.0","versionEndIncluding":"7.76.1","matchCriteriaId":"5681F65E-9839-4E10-8245-C878D384C944"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*","matchCriteriaId":"10323322-F6C0-4EA7-9344-736F7A80AA5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"C2A5B24D-BDF2-423C-98EA-A40778C01A05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*","matchCriteriaId":"DF616620-88CE-4A77-B904-C1728A2E6F9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"3AA09838-BF13-46AC-BB97-A69F48B73A8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"175B97A7-0B00-4378-AD9F-C01B6D9FD570"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.2.4.047","matchCriteriaId":"6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0","versionEndExcluding":"21.3","matchCriteriaId":"3197F464-F0A5-4BD4-9068-65CD448D8F4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7.34","matchCriteriaId":"10630209-CF90-455D-B70F-DB50BAFC5499"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.25","matchCriteriaId":"181677F8-59EE-49BC-91A7-845819742869"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","matchCriteriaId":"5C2089EE-5D7F-47EC-8EA5-0F69790564C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*","matchCriteriaId":"DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"D6D700C5-F67F-4FFB-BE69-D524592A3D2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FB9B8171-F6CA-427D-81E0-6536D3BBFA8D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F921BC85-568E-4B69-A3CD-CF75C76672F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"108A2215-50FB-4074-94CF-C130FA14566D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*","matchCriteriaId":"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6770B6C3-732E-4E22-BF1C-2D2FD610061C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"8497A4C9-8474-4A62-8331-3FE862ED4098"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"32F0B6C0-F930-480D-962B-3F4EFDCC13C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*","matchCriteriaId":"803BC414-B250-4E3A-A478-A3881340D6B8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFF7106-ED78-49BA-9EC5-B889E3685D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0FEB3337-BFDE-462A-908B-176F92053CEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*","matchCriteriaId":"736AEAE9-782B-4F71-9893-DED53367E102"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56409CEC-5A1E-4450-AA42-641E459CC2AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"B06F4839-D16A-4A61-9BB5-55B13F41E47F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://curl.se/docs/CVE-2021-22897.html","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1172857","source":"support@hackerone.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210727-0007/","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://curl.se/docs/CVE-2021-22897.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1172857","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210727-0007/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1172857","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-22926","sourceIdentifier":"support@hackerone.com","published":"2021-08-05T21:15:11.553","lastModified":"2026-05-28T21:16:27.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake."},{"lang":"es","value":"Las aplicaciones que usan libcurl pueden pedir un certificado de cliente específico para ser usado en una transferencia. Esto se hace con la opción \"CURLOPT_SSLCERT\" (\"--cert\" con la herramienta de línea de comandos).Cuando libcurl se construye para usar la biblioteca TLS nativa de macOS Transporte Seguro, una aplicación puede pedir el certificado del cliente por su nombre o con un nombre de archivo - usando la misma opción. Si la aplicación se ejecuta con un directorio de trabajo actual que puede ser escrito por otros usuarios (como \"/tmp\"), un usuario malintencionado puede crear un nombre de archivo con el mismo nombre que la aplicación quiere usar por nombre, y así engañar a la aplicación para que use el certificado basado en el archivo en lugar del referido por nombre, haciendo que libcurl envíe el certificado de cliente incorrecto en el handshake de la conexión TLS"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-840"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.33.0","versionEndExcluding":"7.78.0","matchCriteriaId":"2D8F65E4-C15D-47AB-BE9C-687300329EE7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","matchCriteriaId":"B55E8D50-99B4-47EC-86F9-699B67D473CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","matchCriteriaId":"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.35","matchCriteriaId":"E667933A-37EA-4BC2-9180-C3B4B7038866"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.26","matchCriteriaId":"709E83B4-8C66-4255-870B-2F72B37BA8C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","matchCriteriaId":"7E1E416B-920B-49A0-9523-382898C2979D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","matchCriteriaId":"C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6770B6C3-732E-4E22-BF1C-2D2FD610061C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"108A2215-50FB-4074-94CF-C130FA14566D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*","matchCriteriaId":"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"32F0B6C0-F930-480D-962B-3F4EFDCC13C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*","matchCriteriaId":"803BC414-B250-4E3A-A478-A3881340D6B8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFF7106-ED78-49BA-9EC5-B889E3685D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56409CEC-5A1E-4450-AA42-641E459CC2AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"B06F4839-D16A-4A61-9BB5-55B13F41E47F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0FEB3337-BFDE-462A-908B-176F92053CEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*","matchCriteriaId":"736AEAE9-782B-4F71-9893-DED53367E102"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"8497A4C9-8474-4A62-8331-3FE862ED4098"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1234760","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202212-01","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210902-0003/","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211022-0003/","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1234760","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202212-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210902-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211022-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-35556","sourceIdentifier":"secalert_us@oracle.com","published":"2021-10-20T11:16:33.723","lastModified":"2026-05-28T21:16:28.230","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."},{"lang":"es","value":"Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Swing). Las versiones compatibles que están afectadas son Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a las implantaciones de Java, normalmente en servidores, que cargan y ejecutan únicamente código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntuación Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"53B2BB06-A2F7-4603-89C3-C8500E55483A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"01E88C86-8C04-4A4A-BF45-9082AA783056"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*","matchCriteriaId":"9F6F0137-F91F-4028-BED2-C29640D52C23"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*","matchCriteriaId":"56F2883B-6A1B-4081-8877-07AF3A73F6CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*","matchCriteriaId":"190C4FEC-ECFD-4E46-8C4D-F99241CF0F75"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*","matchCriteriaId":"4D0A929D-6054-4EFB-8BAD-58826D22D34B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","matchCriteriaId":"B55E8D50-99B4-47EC-86F9-699B67D473CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.50.2","matchCriteriaId":"27723C4B-C434-4733-96E4-397AA6ECE601"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"0D9CC59D-6182-4B5E-96B5-226FCD343916"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*","matchCriteriaId":"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"A3C19813-E823-456A-B1CE-EC0684CE1953"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"A372B177-F740-4655-865C-31777A6E140B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*","matchCriteriaId":"26A2B713-7D6D-420A-93A4-E0D983C983DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","matchCriteriaId":"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html","source":"secalert_us@oracle.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/","source":"secalert_us@oracle.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/","source":"secalert_us@oracle.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/","source":"secalert_us@oracle.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/","source":"secalert_us@oracle.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/","source":"secalert_us@oracle.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/202209-05","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211022-0004/","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"secalert_us@oracle.com"},{"url":"https://www.debian.org/security/2021/dsa-5000","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5012","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202209-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211022-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2021/dsa-5000","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5012","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-4104","sourceIdentifier":"security@apache.org","published":"2021-12-14T12:15:12.200","lastModified":"2026-05-28T21:16:28.573","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."},{"lang":"es","value":"JMSAppender en Log4j versión 1.2 es vulnerable a una deserialización de datos no confiables cuando el atacante presenta acceso de escritura a la configuración de Log4j. El atacante puede proporcionar configuraciones TopicBindingName y TopicConnectionFactoryBindingName haciendo que JMSAppender realice peticiones JNDI que resulten en la ejecución de código remota de forma similar a CVE-2021-44228. Tenga en cuenta que este problema sólo afecta a Log4j versión 1.2 cuando es configurado específicamente para usar JMSAppender, que no es el predeterminado. Apache Log4j versión 1.2 llegó al final de su vida útil en agosto de 2015. Los usuarios deberían actualizar a Log4j 2 ya que aborda otros numerosos problemas de las versiones anteriores"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*","matchCriteriaId":"2954BDA9-F03D-44AC-A9EA-3E89036EEFA8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*","matchCriteriaId":"1BAF877F-B8D5-4313-AC5C-26BB82006B30"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*","matchCriteriaId":"B87C8AD3-8878-4546-86C2-BF411876648C"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*","matchCriteriaId":"F039C746-2001-4EE5-835F-49607A94F12B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"33C4404A-CFB7-4B47-9487-F998825C31CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*","matchCriteriaId":"A58966CB-36AF-4E64-AB39-BE3A0753E155"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*","matchCriteriaId":"8C7257E5-B4A7-4299-8FE1-A94121E47528"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*","matchCriteriaId":"88BF3B2C-B121-483A-AEF2-8082F6DA5310"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A305F012-544E-4245-9D69-1C8CD37748B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B40CCE4F-EA2C-453D-BB76-6388767E5C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*","matchCriteriaId":"3B78438D-1321-4BF4-AEB1-DAF60D589530"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C077D692-150C-4AE9-8C0B-7A3EA5EB1100"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"54EB07A0-FB38-4F17-9C8D-DB629967F07B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*","matchCriteriaId":"A33441B3-B301-426C-A976-08CE5FE72EFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*","matchCriteriaId":"6B62E762-2878-455A-93C9-A5DB430D7BB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*","matchCriteriaId":"14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*","matchCriteriaId":"91B493F0-5542-49F7-AAAE-E6CA6E468D7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"20A6B40D-F991-4712-8E30-5FE008505CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*","matchCriteriaId":"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*","matchCriteriaId":"749804DA-4B27-492A-9ABA-6BB562A6B3AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*","matchCriteriaId":"A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*","matchCriteriaId":"0331158C-BBE0-42DB-8180-EB1FCD290567"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"B602F9E8-1580-436C-A26D-6E6F8121A583"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"77C3DD16-1D81-40E1-B312-50FBD275507C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"81DAC8C0-D342-44B5-9432-6B88D389584F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"E869C417-C0E6-4FC3-B406-45598A1D1906"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*","matchCriteriaId":"C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*","matchCriteriaId":"E1214FDF-357A-4BB9-BADE-50FB2BD16D10"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*","matchCriteriaId":"B21E6EEF-2AB7-4E96-B092-1F49D11B4175"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"12.0.0.4.0","matchCriteriaId":"28CDCE04-B074-4D7A-B6E4-48193458C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"5933FEA2-B79E-4EE7-B821-54D676B45734"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*","matchCriteriaId":"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A7637F8B-15F1-42E2-BE18-E1FF7C66587D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6ED0EE39-C080-4E75-AE0F-3859B57EF851"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6E8758C8-87D3-450A-878B-86CE8C9FC140"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"054B56E0-F11B-4939-B7E1-E722C67A041A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"250A493C-E052-4978-ABBE-786DC8038448"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2E2B771B-230A-4811-94D7-065C2722E428"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"F17531CB-DE8A-4ACD-93A0-6A5A8481D51B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*","matchCriteriaId":"507E7AEE-C2FC-4EED-B0F7-5E41642C0BF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*","matchCriteriaId":"66C673C4-A825-46C0-816B-103E1C058D03"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.8.0","matchCriteriaId":"E8E7FBA9-0FFF-4C86-B151-28C17A142E0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.8.0","matchCriteriaId":"55BBCD48-BCC6-4E19-A4CE-970E524B9FF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"1489DDA7-EDBE-404C-B48D-F0B52B741708"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"535BC19C-21A1-48E3-8CC0-B276BA5D494E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.29","matchCriteriaId":"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"51E83F05-B691-4450-BCA9-32209AEC4F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"288235F9-2F9E-469A-BE14-9089D0782875"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*","matchCriteriaId":"6672F9C1-DA04-47F1-B699-C171511ACE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11E57939-A543-44F7-942A-88690E39EABA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*","matchCriteriaId":"30501D23-5044-477A-8DC3-7610126AEFD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*","matchCriteriaId":"0B45A731-11D1-433B-B202-9C8D67C609F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*","matchCriteriaId":"900D9DBF-8071-4CE5-A67A-9E0C00D04B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB7D0A30-3986-49AB-B7F3-DAE0024504BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C5B4C338-11E1-4235-9D5A-960B2711AC39"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8C93F84E-9680-44EF-8656-D27440B51698"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F14A818F-AA16-4438-A3E4-E64C9287AC66"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"04BCDC24-4A21-473C-8733-0D9CFB38A752"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/01/18/3","source":"security@apache.org"},{"url":"https://access.redhat.com/security/cve/CVE-2021-4104","source":"security@apache.org"},{"url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126","source":"security@apache.org"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202209-02","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202310-16","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202312-02","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202312-04","source":"security@apache.org"},{"url":"https://security.netapp.com/advisory/ntap-20211223-0007/","source":"security@apache.org"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","source":"security@apache.org"},{"url":"https://www.kb.cert.org/vuls/id/930724","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2022/01/18/3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2021-4104","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202209-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202310-16","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202312-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202312-04","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20211223-0007/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/930724","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2020-7534","sourceIdentifier":"cybersecurity@se.com","published":"2022-02-04T23:15:10.390","lastModified":"2026-05-28T22:16:57.373","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)"},{"lang":"es","value":"Una CWE-352: Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) se presenta en el servidor web usado, que podría causar un filtrado de datos confidenciales o acciones no autorizadas en el servidor web durante el tiempo en que el usuario está conectado. Productos afectados: CPUs Modicon M340: BMXP34 (Todas las versiones), CPUs Modicon Quantum con Ethernet integrada (Copro): 140CPU65 (Todas las versiones), CPUs Modicon Premium con Ethernet integrada (Copro): TSXP57 (Todas las versiones), Módulos ethernet Modicon M340: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (Todas las versiones), Módulos de comunicación de fábrica Modicon Quantum y Premium: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (Todas las versiones)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C747D719-51A2-44F5-B940-89D84437DA95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"12B6D628-61AA-4999-B71F-FF93182A035B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65:-:*:*:*:*:*:*:*","matchCriteriaId":"F6E9922C-D583-4820-9BAC-8D8CC31F482B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"B20CF298-0E3F-4142-B7CF-791FA5E5545C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57:-:*:*:*:*:*:*:*","matchCriteriaId":"D2161791-5948-4C6E-B0FC-8DC7686CD87A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"FEF0DA3B-F89B-487D-AAE6-AEA88E28055A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*","matchCriteriaId":"DF08654A-FFCB-47D3-AC82-DF7284548962"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmxnoe01_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E77A9929-C08B-4C29-ADA9-A53E6A2750D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmxnoe01:-:*:*:*:*:*:*:*","matchCriteriaId":"50ED0C5D-0F0F-42D9-9E44-133A89ED940C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"AECF5778-C5F5-4789-BD3D-793B35DDDBDF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*","matchCriteriaId":"60D9A366-3394-4275-B884-AE6E7227156E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"36A93454-1251-4EC9-8FFB-E7152E346C5B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*","matchCriteriaId":"7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1A62DEBF-6343-48BB-835C-64AE9D8F956A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*","matchCriteriaId":"876CE5BA-B45D-4FFD-8176-E26181DAC355"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*","matchCriteriaId":"6A901BF2-9316-4067-9AFC-8A7CB3549F68"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"066E3E6C-8A0E-4360-A4ED-32A84B7647FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*","matchCriteriaId":"18B13865-038C-4073-955A-36E6F5037C2C"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-25136","sourceIdentifier":"cve@mitre.org","published":"2023-02-03T06:15:09.350","lastModified":"2026-05-28T18:16:28.073","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\""},{"lang":"es","value":"OpenSSH server (sshd) v9.1 introdujo una vulnerabilidad de doble liberación durante el manejo de \"options.key_algorithms\". Esto se ha corregido en OpenSSH v9.2. La doble liberación puede ser aprovechada por un atacante remoto no autenticado en la configuración por defecto, para saltar a cualquier ubicación en el espacio de direcciones de sshd. Un informe de terceros afirma que \"la ejecución remota de código es teóricamente posible\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*","matchCriteriaId":"779485D0-83A2-404C-9477-82BDE8D63A40"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","matchCriteriaId":"E7CF3019-975D-40BB-A8A4-894E62BD3797"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1236B66D-EB11-4324-929F-E2B86683C3C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*","matchCriteriaId":"281DFC67-46BB-4FC2-BE03-3C65C9311F65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ECF32BB1-9A58-4821-AE49-5D5C8200631F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*","matchCriteriaId":"F21DE67F-CDFD-4D36-9967-633CD0240C6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F1AB1EC2-2560-494A-A51B-6F20CE318FEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*","matchCriteriaId":"58DE2B52-4E49-4CD0-9310-00291B0352C7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/02/13/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/22/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/22/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/23/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/03/06/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/03/09/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.mindrot.org/show_bug.cgi?id=3522","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/","source":"cve@mitre.org"},{"url":"https://news.ycombinator.com/item?id=34711565","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202307-01","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230309-0003/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2023/02/02/2","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/13/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/22/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/02/23/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/03/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/03/09/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.mindrot.org/show_bug.cgi?id=3522","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://news.ycombinator.com/item?id=34711565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202307-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230309-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2023/02/02/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-28531","sourceIdentifier":"cve@mitre.org","published":"2023-03-17T04:15:14.553","lastModified":"2026-05-28T19:16:36.563","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionStartIncluding":"8.9","versionEndExcluding":"9.3","matchCriteriaId":"84F1ED1E-4AD0-4903-A9FD-F4BBC21328E4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","matchCriteriaId":"A2119FFC-08F9-4C3F-881C-9C72916BC652"},{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*","matchCriteriaId":"1C767AA1-88B7-48F0-9F31-A89D16DCD52C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:solidfire_element_os:-:*:*:*:*:*:*:*","matchCriteriaId":"6E379272-A79A-4A27-9861-71DCBD4B1FEF"}]}]}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/202307-01","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230413-0008/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5586","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2023/03/15/8","source":"cve@mitre.org","tags":["Mailing List","Release Notes"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AN2UDTXEUSKFIOIYMV6JNI5VSBMYZOFT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202307-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230413-0008/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5586","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2023/03/15/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2023-21968","sourceIdentifier":"secalert_us@oracle.com","published":"2023-04-18T20:15:16.470","lastModified":"2026-05-28T19:16:36.203","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*","matchCriteriaId":"FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"725D21E1-8FEF-492C-9CCF-75DDD286FA71"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"CBC05434-18E2-43D2-901F-BA97A3A3AC3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*","matchCriteriaId":"BB648C28-DCDF-4CEE-816C-2D7EF91D2689"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*","matchCriteriaId":"CA4C6A6B-46BA-471A-959C-D1819B5D5196"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*","matchCriteriaId":"751BA15B-1950-4ABD-AFEB-B4F90587FF61"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*","matchCriteriaId":"F26CDEF2-A840-4957-A390-19E48AEEC70A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*","matchCriteriaId":"DB18EEA4-9670-4EBC-8559-6766740980F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*","matchCriteriaId":"B85FB47B-1A8B-4758-83A7-3AC5B74D73FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*","matchCriteriaId":"AC10C81D-E148-4208-BA86-086B935A1254"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF6650C-558D-45C8-AE7D-136EE70CB6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*","matchCriteriaId":"25FA7A4D-B0E2-423E-8146-E221AE2D6120"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*","matchCriteriaId":"CCAA4004-9319-478C-9D55-0E8307F872F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*","matchCriteriaId":"3B199052-5732-4726-B06B-A12C70DFB891"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*","versionStartIncluding":"11","versionEndIncluding":"11.0.18","matchCriteriaId":"90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*","versionStartIncluding":"17","versionEndIncluding":"17.0.6","matchCriteriaId":"83395182-E46E-47FF-A781-4EF235BC83B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*","matchCriteriaId":"70892D06-6E75-4425-BBF0-4B684EC62A1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*","matchCriteriaId":"7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*","matchCriteriaId":"7417B2BB-9AC2-4AF4-A828-C89A0735AD92"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*","matchCriteriaId":"6A0A57B5-6F88-4288-9CDE-F6613FE068D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*","matchCriteriaId":"67ED8559-C348-4932-B7CE-CB96976A30EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*","matchCriteriaId":"40AC3D91-263F-4345-9FAA-0E573EA64590"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*","matchCriteriaId":"DD92AFA9-81F8-48D4-B79A-E7F066F69A99"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*","matchCriteriaId":"2C4B2F24-A730-4818-90C8-A2D90C081F03"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*","matchCriteriaId":"464087F2-C285-4574-957E-CE0663F07DE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*","matchCriteriaId":"3E9BB880-A4F6-4887-8BB9-47AA298753D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*","matchCriteriaId":"18DCFF53-B298-4534-AB5C-8A5EF59C616F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*","matchCriteriaId":"083419F8-FDDF-4E36-88F8-857DB317C1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*","matchCriteriaId":"D7A74F65-57E8-4C9A-BA96-5EF401504F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*","matchCriteriaId":"0D0B90FC-57B6-4315-9B29-3C36E58B2CF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*","matchCriteriaId":"07812576-3C35-404C-A7D7-9BE9E3D76E00"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*","matchCriteriaId":"00C52B1C-5447-4282-9667-9EBE0720B423"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*","matchCriteriaId":"92BB9EB0-0C12-4E77-89EE-FB77097841B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*","matchCriteriaId":"FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*","matchCriteriaId":"ABC0E7BB-F8B7-4369-9910-71240E4073A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*","matchCriteriaId":"551B2640-8CEC-4C24-AF8B-7A7CEF864D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*","matchCriteriaId":"0AE30779-48FB-451E-8CE1-F469F93B8772"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*","matchCriteriaId":"60590FDE-7156-4314-A012-AA38BD2ADDC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*","matchCriteriaId":"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*","matchCriteriaId":"F24F6122-2256-41B6-9033-794C6424ED99"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*","matchCriteriaId":"0EAFA79E-8C7A-48CF-8868-11378FE4B26F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*","matchCriteriaId":"D1D6F19F-59B5-4BB6-AD35-013384025970"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*","matchCriteriaId":"E7BA97BC-3ADA-465A-835B-6C3C5F416B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*","matchCriteriaId":"B71F77A4-B7EB-47A1-AAFD-431A7D040B86"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*","matchCriteriaId":"91D6BEA9-5943-44A4-946D-CEAA9BA99376"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*","matchCriteriaId":"C079A3E0-44EB-4B9C-B4FC-B7621D165C3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*","matchCriteriaId":"2CB74086-14B8-4237-8357-E0C6B5BB8313"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*","matchCriteriaId":"3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*","matchCriteriaId":"00C2B9C9-1177-4DA6-96CE-55F37F383F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*","matchCriteriaId":"435CF189-0BD8-40DF-A0DC-99862CDEAF8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*","matchCriteriaId":"12A3F367-33AD-47C3-BFDC-871A17E72C94"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*","matchCriteriaId":"A18F994F-72CA-4AF5-A7D1-9F5AEA286D85"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*","matchCriteriaId":"78261932-7373-4F16-91E0-1A72ADBEBC3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*","matchCriteriaId":"9BD90D3D-9B3A-4101-9A8A-5090F0A9719F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*","matchCriteriaId":"B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*","matchCriteriaId":"F5A40B8A-D428-4008-9F21-AF21394C51D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*","matchCriteriaId":"FEC5B777-01E1-45EE-AF95-C3BD1F098B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*","matchCriteriaId":"3B504718-5DCE-43B4-B19A-C6B6E7444BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*","matchCriteriaId":"3102AA10-99A8-49A9-867E-7EEC56865680"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*","matchCriteriaId":"5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*","matchCriteriaId":"15BA8A26-2CDA-442B-A549-6BE92DCCD205"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*","matchCriteriaId":"56F2883B-6A1B-4081-8877-07AF3A73F6CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*","matchCriteriaId":"98C0742E-ACDD-4DB4-8A4C-B96702C8976C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*","matchCriteriaId":"F8483034-DD5A-445D-892F-CDE90A7D58EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*","matchCriteriaId":"1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*","matchCriteriaId":"DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*","matchCriteriaId":"A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*","matchCriteriaId":"383F0B07-59BF-4744-87F2-04C98BC183B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*","matchCriteriaId":"494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*","matchCriteriaId":"1058ABDC-D652-4E2D-964D-C9C98FD404F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*","matchCriteriaId":"8279718F-878F-4868-8859-1728D13CD0D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*","matchCriteriaId":"2C024E1A-FD2C-42E8-B227-C2AFD3040436"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*","matchCriteriaId":"4F24389D-DDD0-4204-AA24-31C920A4F47E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*","matchCriteriaId":"966979BE-1F21-4729-B6B8-610F74648344"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*","matchCriteriaId":"F8534265-33BF-460D-BF74-5F55FDE50F29"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*","matchCriteriaId":"F77AFC25-1466-4E56-9D5F-6988F3288E16"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*","matchCriteriaId":"A650BEB8-E56F-4E42-9361-8D2DB083F0F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*","matchCriteriaId":"799FFECD-E80A-44B3-953D-CDB5E195F3AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*","matchCriteriaId":"A7047507-7CAF-4A14-AA9A-5CEF806EDE98"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*","matchCriteriaId":"CFC7B179-95D3-4F94-84F6-73F1034A1AF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*","matchCriteriaId":"9FB28526-9385-44CA-AF08-1899E6C3AE4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*","matchCriteriaId":"E26B69E4-0B43-415F-A82B-52FDCB262B3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*","matchCriteriaId":"27BC4150-70EC-462B-8FC5-20B3442CBB31"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*","matchCriteriaId":"02646989-ECD9-40AE-A83E-EFF4080C69B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*","matchCriteriaId":"77172BC0-8637-41F6-AE3B-83006D6735DE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html","source":"secalert_us@oracle.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230427-0008/","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"secalert_us@oracle.com"},{"url":"https://www.couchbase.com/alerts/","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5430","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5478","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2023.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230427-0008/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.couchbase.com/alerts/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5430","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5478","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2023.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-47359","sourceIdentifier":"cve@mitre.org","published":"2023-11-07T16:15:29.140","lastModified":"2026-05-28T19:16:36.777","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption."},{"lang":"es","value":"Videolan VLC anterior a la versión 3.0.20 contiene una lectura de desplazamiento incorrecta que provoca un desbordamiento del búfer en la función GetPacket() y provoca daños en la memoria."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.20","matchCriteriaId":"0FEB882C-531D-4002-9CAB-98A0C6EDC382"}]}]}],"references":[{"url":"https://0xariana.github.io/blog/real_bugs/vlc/mms","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html","source":"cve@mitre.org"},{"url":"https://0xariana.github.io/blog/real_bugs/vlc/mms","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-47360","sourceIdentifier":"cve@mitre.org","published":"2023-11-07T16:15:29.190","lastModified":"2026-05-28T19:16:36.973","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length."},{"lang":"es","value":"Videolan VLC anterior a la versión 3.0.20 contiene un desbordamiento insuficiente de enteros que conduce a una longitud de paquete incorrecta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.20","matchCriteriaId":"0FEB882C-531D-4002-9CAB-98A0C6EDC382"}]}]}],"references":[{"url":"https://0xariana.github.io/blog/real_bugs/vlc/mms","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html","source":"cve@mitre.org"},{"url":"https://0xariana.github.io/blog/real_bugs/vlc/mms","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-51384","sourceIdentifier":"cve@mitre.org","published":"2023-12-18T19:15:08.720","lastModified":"2026-05-28T20:16:22.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys."},{"lang":"es","value":"En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adición de claves privadas alojadas en PKCS#11, estas restricciones solo se aplican a la primera clave, incluso si un token PKCS#11 devuelve varias claves."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionStartIncluding":"8.9","versionEndExcluding":"9.6","matchCriteriaId":"D91DE00B-AE34-46AC-A5B3-C40A4C1F4C17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2024/Mar/21","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240105-0005/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT214084","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5586","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.openssh.com/txt/release-9.6","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","source":"cve@mitre.org","tags":["Mailing List","Release Notes"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240105-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT214084","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5586","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.openssh.com/txt/release-9.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-769027.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2024-49894","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-10-21T18:15:11.913","lastModified":"2026-05-28T15:12:45.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index 'i' exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Corrige el índice fuera de los límites en la traducción del formato de hardware degamma Corrige el problema del índice fuera de los límites en la función `cm_helper_translate_curve_to_degamma_hw_format`. El problema podría ocurrir cuando el índice 'i' excede el número de puntos de función de transferencia (TRANSFER_FUNC_POINTS). La corrección agrega una verificación para garantizar que 'i' esté dentro de los límites antes de acceder a los puntos de función de transferencia. Si 'i' está fuera de los límites, la función devuelve falso para indicar un error. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de búfer 'output_tf-&gt;tf_pts.red' 1025 &lt;= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de búfer 'output_tf-&gt;tf_pts.green' 1025 &lt;= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de búfer 'output_tf-&gt;tf_pts.blue' 1025 &lt;= s32max"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:1.1:*:*:*:*:*:*:*","matchCriteriaId":"33078ADB-41E4-4DCC-BB91-78279581883E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*","matchCriteriaId":"754051AB-27D3-41CA-B2C8-79BAD48C8750"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.323","matchCriteriaId":"8AD391D2-9160-4AB6-95CE-F0E8A945DDB0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.285","matchCriteriaId":"B5A89369-320F-47FC-8695-56F61F87E4C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.227","matchCriteriaId":"795A3EE6-0CAB-4409-A903-151C94ACECC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.168","matchCriteriaId":"4D51C05D-455B-4D8D-89E7-A58E140B864C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.113","matchCriteriaId":"D01BD22E-ACD1-4618-9D01-6116570BE1EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.55","matchCriteriaId":"E90B9576-56C4-47BC-AAB0-C5B2D438F5D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.10.14","matchCriteriaId":"4C16BCE0-FFA0-4599-BE0A-1FD65101C021"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.11.3","matchCriteriaId":"54D9C704-D679-41A7-9C40-10A6B1E7FFE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:sinec_os:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2","matchCriteriaId":"FA64F29A-AD82-4C61-BA69-AC9ABF9CFEF5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/07078fa5d589a7fbce8f81ea8acf7aa0021ab38e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/122e3a7a8c7bcbe3aacddd6103f67f9f36bed473","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2495c8e272d84685403506833a664fad932e453a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2f5da549535be8ccd2ab7c9abac8562ad370b181","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b3dfa878257a7e98830b3009ca5831a01d8f85fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7e99058eb2e86aabd7a10761e76cae33d22b49f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c130a3c09e3746c1a09ce26c20d21d449d039b1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6979719012a90e5b8e3bc31725fbfdd0b9b2b79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5f6d90087131812c1e4b9d3103f400f1624396d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-355557.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2024-49924","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-10-21T18:15:14.450","lastModified":"2026-05-28T15:12:23.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which &fbi->task is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the &pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi->fb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0                                                CPU1\n\n                                   | pxafb_task\npxafb_remove                       |\nunregister_framebuffer(info)       |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info)               |\n// free fbi->fb                    | set_ctrlr_state(fbi, state)\n                                   | __pxafb_lcd_power(fbi, 0)\n                                   | fbi->lcd_power(on, &fbi->fb.var)\n                                   | //use fbi->fb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: pxafb: Arregla posible use after free en pxafb_task() En la función pxafb_probe, llama a la función pxafb_init_fbinfo, después de lo cual &amp;fbi-&gt;task se asocia con pxafb_task. Además, dentro de esta función pxafb_init_fbinfo, la función pxafb_blank dentro de la estructura &amp;pxafb_ops es capaz de programar trabajo. Si eliminamos el módulo que llamará a pxafb_remove para hacer la limpieza, llamará a la función unregister_framebuffer que puede llamar a do_unregister_framebuffer para liberar fbi-&gt;fb a través de put_fb_info(fb_info), mientras que se utilizará el trabajo mencionado anteriormente. La secuencia de operaciones que pueden llevar a un error de UAF es la siguiente: CPU0 CPU1 | pxafb_task pxafb_remove | unregister_framebuffer(info) | do_unregister_framebuffer(fb_info) | put_fb_info(fb_info) | // free fbi-&gt;fb | set_ctrlr_state(fbi, state) | __pxafb_lcd_power(fbi, 0) | fbi-&gt;lcd_power(on, &amp;fbi-&gt;fb.var) | //use fbi-&gt;fb Solucione el problema asegurándose de cancelar el trabajo antes de continuar con la limpieza en pxafb_remove. Tenga en cuenta que solo el usuario root puede eliminar el controlador en tiempo de ejecución."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"4.19.323","matchCriteriaId":"DCE87C32-9DFD-4170-A5F4-3F27B8597055"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.285","matchCriteriaId":"B5A89369-320F-47FC-8695-56F61F87E4C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.227","matchCriteriaId":"795A3EE6-0CAB-4409-A903-151C94ACECC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.168","matchCriteriaId":"4D51C05D-455B-4D8D-89E7-A58E140B864C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.113","matchCriteriaId":"D01BD22E-ACD1-4618-9D01-6116570BE1EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.55","matchCriteriaId":"E90B9576-56C4-47BC-AAB0-C5B2D438F5D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.10.14","matchCriteriaId":"4C16BCE0-FFA0-4599-BE0A-1FD65101C021"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.11.3","matchCriteriaId":"54D9C704-D679-41A7-9C40-10A6B1E7FFE9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c0d416eb4bef705f699213cee94bf54b6acdacd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a6921095eb04a900e0000da83d9475eb958e61e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4cda484e584be34d55ee17436ebf7ad11922b97a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d0a07f68b66269e167def6c0b90a219cd3e7473","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3a855764dbacbdb1cc51e15dc588f2d21c93e0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aaadc0cb05c999ccd8898a03298b7e5c31509b08","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e657fa2df4429f3805a9b3e47fb1a4a1b02a72bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6897e299f57b103e999e62010b88e363b3eebae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdda354f60a576d52dcf90351254714681df4370","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2024-54508","sourceIdentifier":"product-security@apple.com","published":"2024-12-12T02:15:31.393","lastModified":"2026-05-28T16:16:20.103","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash."},{"lang":"es","value":"El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web creado con fines malintencionados puede provocar un bloqueo inesperado del proceso."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"18.2","matchCriteriaId":"12581F66-E5CF-4B04-A94C-E56DE31D0B62"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"18.2","matchCriteriaId":"61B67D76-E2DA-46D7-9E43-4E18D542AA57"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"18.2","matchCriteriaId":"02BF92BD-305C-46CA-8A77-C247AF8B1BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"15.2","matchCriteriaId":"3750AD63-B023-44CE-B44D-A90F98E3A8C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"18.2","matchCriteriaId":"3B719BB6-424F-4612-8809-0DF25022C29C"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2","matchCriteriaId":"16F83EAF-2879-4515-BC44-6AE5006D35EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2","matchCriteriaId":"8C446885-2BC5-454D-88A1-146B17C051C3"}]}]}],"references":[{"url":"https://support.apple.com/en-us/121837","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/121839","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/121843","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/121844","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/121845","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/121846","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/122372","source":"product-security@apple.com"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/13","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/5","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2025/Apr/5","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-13954","sourceIdentifier":"vulnerability@ncsc.ch","published":"2025-12-10T09:15:46.067","lastModified":"2026-05-28T13:16:22.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI"}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:L/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/cvd-cases/cvd-case-1-test.html","source":"vulnerability@ncsc.ch"},{"url":"https://www.nimbletech.com.tw/index.php/release-note/","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2025-13955","sourceIdentifier":"vulnerability@ncsc.ch","published":"2025-12-10T09:15:46.710","lastModified":"2026-05-28T13:16:22.863","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers"}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:L/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"references":[{"url":"https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/cvd-cases/cvd-case-1-test.html","source":"vulnerability@ncsc.ch"},{"url":"https://www.nimbletech.com.tw/index.php/release-note/","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2025-62582","sourceIdentifier":"759f5e80-c8e1-4224-bead-956d7b33c98b","published":"2026-01-16T03:15:59.830","lastModified":"2026-05-29T04:17:04.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Delta Electronics DIAView has multiple vulnerabilities."},{"lang":"es","value":"Delta Electronics DIAView tiene múltiples vulnerabilidades."}],"metrics":{"cvssMetricV31":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deltaww:diaview:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.0","matchCriteriaId":"F27FF503-4356-4F27-9A1A-15F4680501BB"}]}]}],"references":[{"url":"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00001_DIAView%20Multiple%20Vulnerabilities%20(CVE-2025-62581,%20CVE-2025-62582)_v1.1.pdf","source":"759f5e80-c8e1-4224-bead-956d7b33c98b"}]}},{"cve":{"id":"CVE-2026-2704","sourceIdentifier":"cna@vuldb.com","published":"2026-02-19T07:17:49.720","lastModified":"2026-05-28T18:16:29.870","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.2.0 is sufficient to fix this issue. The identifier of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is suggested to install a patch to address this issue."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad de seguridad en Open Babel hasta la versión 3.1.1. La cual afecta a la función OpenBabel::transform3d::DescribeAsString del archivo src/math/transform3d.cpp del componente Gestor de Archivos CIF. si se manipula se puede provocar una lectura fuera de límites. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado públicamente y puede ser utilizado. El proyecto fue informado del problema con antelación a través de un informe de incidencia pero aún no ha respondido."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.1","matchCriteriaId":"C1F53B5D-AE11-4406-B954-7BD33D2E4DE6"}]}]}],"references":[{"url":"https://github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","source":"cna@vuldb.com"},{"url":"https://github.com/oneafter/0128/blob/main/ob1/repro.cif","source":"cna@vuldb.com","tags":["Exploit"]},{"url":"https://github.com/openbabel/openbabel/issues/2848","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/openbabel/openbabel/pull/2862","source":"cna@vuldb.com"},{"url":"https://github.com/openbabel/openbabel/releases/tag/openbabel-3-2-0","source":"cna@vuldb.com"},{"url":"https://github.com/openbabel/openbabel/security/advisories/GHSA-6xw4-2g22-26h8","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/754378","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/346650","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/346650/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-23300","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:25.623","lastModified":"2026-05-28T14:46:05.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop\n\nWhen a standalone IPv6 nexthop object is created with a loopback device\n(e.g., \"ip -6 nexthop add id 100 dev lo\"), fib6_nh_init() misclassifies\nit as a reject route. This is because nexthop objects have no destination\nprefix (fc_dst=::), causing fib6_is_reject() to match any loopback\nnexthop. The reject path skips fib_nh_common_init(), leaving\nnhc_pcpu_rth_output unallocated. If an IPv4 route later references this\nnexthop, __mkroute_output() dereferences NULL nhc_pcpu_rth_output and\npanics.\n\nSimplify the check in fib6_nh_init() to only match explicit reject\nroutes (RTF_REJECT) instead of using fib6_is_reject(). The loopback\npromotion heuristic in fib6_is_reject() is handled separately by\nip6_route_info_create_nh(). After this change, the three cases behave\nas follows:\n\n1. Explicit reject route (\"ip -6 route add unreachable 2001:db8::/64\"):\n   RTF_REJECT is set, enters reject path, skips fib_nh_common_init().\n   No behavior change.\n\n2. Implicit loopback reject route (\"ip -6 route add 2001:db8::/32 dev lo\"):\n   RTF_REJECT is not set, takes normal path, fib_nh_common_init() is\n   called. ip6_route_info_create_nh() still promotes it to reject\n   afterward. nhc_pcpu_rth_output is allocated but unused, which is\n   harmless.\n\n3. Standalone nexthop object (\"ip -6 nexthop add id 100 dev lo\"):\n   RTF_REJECT is not set, takes normal path, fib_nh_common_init() is\n   called. nhc_pcpu_rth_output is properly allocated, fixing the crash\n   when IPv4 routes reference this nexthop."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: ipv6: corrige el pánico cuando una ruta IPv4 referencia un nexthop IPv6 de loopback\n\nCuando se crea un objeto nexthop IPv6 independiente con un dispositivo de loopback (p. ej., 'ip -6 nexthop add id 100 dev lo'), fib6_nh_init() lo clasifica erróneamente como una ruta de rechazo. Esto se debe a que los objetos nexthop no tienen prefijo de destino (fc_dst=::), lo que hace que fib6_is_reject() coincida con cualquier nexthop de loopback. La ruta de rechazo omite fib_nh_common_init(), dejando nhc_pcpu_rth_output sin asignar. Si una ruta IPv4 referencia posteriormente este nexthop, __mkroute_output() desreferencia nhc_pcpu_rth_output NULL y entra en pánico.\n\nSimplificar la verificación en fib6_nh_init() para que solo coincida con rutas de rechazo explícitas (RTF_REJECT) en lugar de usar fib6_is_reject(). La heurística de promoción de loopback en fib6_is_reject() se maneja por separado por ip6_route_info_create_nh(). Después de este cambio, los tres casos se comportan de la siguiente manera:\n\n1. Ruta de rechazo explícita ('ip -6 route add unreachable 2001:db8::/64'):\n   RTF_REJECT está configurado, entra en la ruta de rechazo, omite fib_nh_common_init().\n   Sin cambio de comportamiento.\n\n2. Ruta de rechazo de loopback implícita ('ip -6 route add 2001:db8::/32 dev lo'):\n   RTF_REJECT no está configurado, toma la ruta normal, se llama a fib_nh_common_init().\n   ip6_route_info_create_nh() aún lo promueve a rechazo posteriormente. nhc_pcpu_rth_output se asigna pero no se usa, lo cual es inofensivo.\n\n3. Objeto nexthop independiente ('ip -6 nexthop add id 100 dev lo'):\n   RTF_REJECT no está configurado, toma la ruta normal, se llama a fib_nh_common_init().\n   nhc_pcpu_rth_output se asigna correctamente, corrigiendo el fallo cuando las rutas IPv4 referencian este nexthop."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.253","matchCriteriaId":"A2D2F803-8C22-4352-AD69-759DA6F15B32"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21ec92774d1536f71bdc90b0e3d052eff99cf093","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/607e68c1b7c5a30c795571be1906d716e989a644","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8650db85b4259d2885d2a80fbc2317ce24194133","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b299121e7453d23faddf464087dff513a495b4fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b3b5a037d520afe3d5276e653bc0ff516bbda34c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5062fc2150614c9ea8a611c2e0cb6e047ebfa3a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c11d7c56c2076ee9cd72004f1976fe0734df2ae9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7c9f8e3607440fe39300efbaf46cf7b5eecb23f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23301","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:25.803","lastModified":"2026-05-28T14:44:19.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SDCA: Add allocation failure check for Entity name\n\nCurrently find_sdca_entity_iot() can allocate a string for the\nEntity name but it doesn't check if that allocation succeeded.\nAdd the missing NULL check after the allocation."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nASoC: SDCA: Añadir comprobación de fallo de asignación para el nombre de la Entidad\n\nActualmente, find_sdca_entity_iot() puede asignar una cadena para el nombre de la Entidad, pero no comprueba si esa asignación tuvo éxito. Añadir la comprobación NULL faltante después de la asignación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-252"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/27990181031fdcdbe0f7c46011f6404e5d116386","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bdcc10a86055beb7109a786d94abf5626f375bbd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23302","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:25.923","lastModified":"2026-05-28T14:42:48.333","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: annotate data-races around sk->sk_{data_ready,write_space}\n\nskmsg (and probably other layers) are changing these pointers\nwhile other cpus might read them concurrently.\n\nAdd corresponding READ_ONCE()/WRITE_ONCE() annotations\nfor UDP, TCP and AF_UNIX."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: anotar condiciones de carrera de datos alrededor de sk-&gt;sk_{data_ready,write_space}\n\nskmsg (y probablemente otras capas) están cambiando estos punteros mientras otras CPUs podrían leerlos concurrentemente.\n\nAñadir las correspondientes anotaciones READ_ONCE()/WRITE_ONCE() para UDP, TCP y AF_UNIX."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.6.136","matchCriteriaId":"6508946E-134B-4941-9550-4B3C2C1D16DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.82","matchCriteriaId":"02904CAE-71D2-45B3-9EC3-F6A9D18B6307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ad01905831c815520f1b0486336a03bb7420465","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c494448bb522bbbb63096540eb2319101a0480ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23303","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.060","lastModified":"2026-05-28T14:40:06.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Don't log plaintext credentials in cifs_set_cifscreds\n\nWhen debug logging is enabled, cifs_set_cifscreds() logs the key\npayload and exposes the plaintext username and password. Remove the\ndebug log to avoid exposing credentials."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nsmb: cliente: No registrar credenciales en texto plano en cifs_set_cifscreds\n\nCuando el registro de depuración está habilitado, cifs_set_cifscreds() registra la carga útil de la clave y expone el nombre de usuario y la contraseña en texto plano. Eliminar el registro de depuración para evitar exponer credenciales."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.1","versionEndExcluding":"5.10.253","matchCriteriaId":"FE4099A0-CF1A-4587-B409-7ECEFEBD0176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:-:*:*:*:*:*:*","matchCriteriaId":"938CA222-4FA5-49B6-B828-242572B8208E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*","matchCriteriaId":"DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*","matchCriteriaId":"C31B0E51-F62D-4053-B04F-FC4D5BC373D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*","matchCriteriaId":"A914303E-1CB6-4AAD-9F5F-DE5433C4E814"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*","matchCriteriaId":"203BBA69-90B2-4C5E-8023-C14180742421"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*","matchCriteriaId":"0DBFAB53-B889-4028-AC0E-7E165B152A18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*","matchCriteriaId":"FE409AEC-F677-4DEF-8EB7-2C35809043CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2ef0fc3bf49db2b9df36d5f44508c9e384bfa2a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3990f352bb0adc8688d0949a9c13e3110570eb61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e182701db612ddd794ccd5ed822e6cc1db2b972","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/54c570de9a35860dfa85fe668f23ddfda8cc7e26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b746a357abfb8fdb0a171d51ec5091e786d34be1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e5a3b11e07b335006371915b2da47b6056c9e3bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff0ece8ed04180c52167c003362284b23cf54e8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23304","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.180","lastModified":"2026-05-28T14:34:35.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -> ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n  KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n  RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n  Call Trace:\n   ip6_pol_route (net/ipv6/route.c:2318)\n   fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n   ip6_route_output_flags (net/ipv6/route.c:2607)\n   vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nipv6: corrección de desreferencia de puntero NULL en ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() puede devolver NULL cuando el dispositivo esclavo está siendo desasociado de un VRF. Todos los demás llamadores manejan esto, pero perdimos la alternativa a loopback en ip6_rt_pcpu_alloc() -&gt; ip6_rt_get_dev_rcu() con el commit 4832c30d5458 ('net: ipv6: put host and anycast routes on device with address').\n\n  KASAN: desreferencia de puntero nulo en el rango [0x0000000000000108-0x000000000000010f]\n  RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n  Traza de Llamadas:\n   ip6_pol_route (net/ipv6/route.c:2318)\n   fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n   ip6_route_output_flags (net/ipv6/route.c:2607)\n   vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nMe sentí tentado a reelaborar el código de desasociación para borrar la bandera primero e insertar synchronize_rcu() antes de que eliminemos el superior. Pero parece que la alternativa explícita a loopback_dev es un patrón establecido. Y supongo que evitar el synchronize_rcu() también es bueno."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.10.253","matchCriteriaId":"7144BCBC-124B-49FA-8BCC-259910F77E5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b5a7826020706057cc5a9d9009e667027f221ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ffb4f5c2ccb2fa1c049dd11899aee7967deef5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3310fc11fc47387d1dd4759b0bc961643ea11c7f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4a48fe59f29f673a3d042d679f26629a9c3e29d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/581800298313c9fd75e94985e6d37d21b7e35d34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a73fe9f4ae84a239d5b2686f47a58c158aee2eb4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae88c8256547b63980770a9ea7be73a15900d27e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d542e2ac7f9e288d49735be0775611547ca4e0ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23305","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.347","lastModified":"2026-05-28T14:33:24.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/rocket: fix unwinding in error path in rocket_probe\n\nWhen rocket_core_init() fails (as could be the case with EPROBE_DEFER),\nwe need to properly unwind by decrementing the counter we just\nincremented and if this is the first core we failed to probe, remove the\nrocket DRM device with rocket_device_fini() as well. This matches the\nlogic in rocket_remove(). Failing to properly unwind results in\nout-of-bounds accesses."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\naccel/rocket: corregir el desenrollado en la ruta de error en rocket_probe\n\nCuando rocket_core_init() falla (como podría ser el caso con EPROBE_DEFER), necesitamos desenrollar correctamente decrementando el contador que acabamos de incrementar y, si este es el primer núcleo que no pudimos sondear, eliminar también el dispositivo DRM de rocket con rocket_device_fini(). Esto coincide con la lógica en rocket_remove(). No desenrollar correctamente resulta en accesos fuera de límites."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.17","matchCriteriaId":"91D34097-62D4-400A-8894-1A45A5B44EEA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23306","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.487","lastModified":"2026-05-28T14:31:45.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free in pm8001_queue_command()\n\nCommit e29c47fe8946 (\"scsi: pm8001: Simplify pm8001_task_exec()\") refactors\npm8001_queue_command(), however it introduces a potential cause of a double\nfree scenario when it changes the function to return -ENODEV in case of phy\ndown/device gone state.\n\nIn this path, pm8001_queue_command() updates task status and calls\ntask_done to indicate to upper layer that the task has been handled.\nHowever, this also frees the underlying SAS task. A -ENODEV is then\nreturned to the caller. When libsas sas_ata_qc_issue() receives this error\nvalue, it assumes the task wasn't handled/queued by LLDD and proceeds to\nclean up and free the task again, resulting in a double free.\n\nSince pm8001_queue_command() handles the SAS task in this case, it should\nreturn 0 to the caller indicating that the task has been handled."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nscsi: pm8001: Corrección de uso después de liberación en pm8001_queue_command()\n\nEl commit e29c47fe8946 ('scsi: pm8001: Simplificar pm8001_task_exec()') refactoriza pm8001_queue_command(), sin embargo, introduce una causa potencial de un escenario de doble liberación cuando cambia la función para que devuelva -ENODEV en caso de estado de phy inactivo/dispositivo desaparecido.\n\nEn esta ruta, pm8001_queue_command() actualiza el estado de la tarea y llama a task_done para indicar a la capa superior que la tarea ha sido gestionada. Sin embargo, esto también libera la tarea SAS subyacente. Entonces se devuelve un -ENODEV al llamador. Cuando libsas sas_ata_qc_issue() recibe este valor de error, asume que la tarea no fue gestionada/enviada a la cola por LLDD y procede a limpiar y liberar la tarea de nuevo, resultando en una doble liberación.\n\nDado que pm8001_queue_command() gestiona la tarea SAS en este caso, debería devolver 0 al llamador indicando que la tarea ha sido gestionada."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.167","matchCriteriaId":"25D24035-467E-4E84-987E-DA8067ECEAC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/227ff4af00abc40b95123cc27ee8079069dcd8d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/38353c26db28efd984f51d426eac2396d299cca7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/824a7672e3540962d5c77d4c6666254d7aa6f0b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b00427317ba7b7ec91252b034009f638d0f311b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5dc39f8ae055520fd778b7fb0423f11586f15c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ebbb852ffbc952b95ddb7e3872b67b3e74c6da47","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23307","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.657","lastModified":"2026-05-28T14:28:13.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message\n\nWhen looking at the data in a USB urb, the actual_length is the size of\nthe buffer passed to the driver, not the transfer_buffer_length which is\nset by the driver as the max size of the buffer.\n\nWhen parsing the messages in ems_usb_read_bulk_callback() properly check\nthe size both at the beginning of parsing the message to make sure it is\nbig enough for the expected structure, and at the end of the message to\nmake sure we don't overflow past the end of the buffer for the next\nmessage."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ncan: ems_usb: ems_usb_read_bulk_callback(): comprobar la longitud adecuada de un mensaje\n\nAl examinar los datos en un urb USB, la actual_length es el tamaño del búfer pasado al controlador, no la transfer_buffer_length que es establecida por el controlador como el tamaño máximo del búfer.\n\nAl analizar los mensajes en ems_usb_read_bulk_callback(), comprobar correctamente el tamaño tanto al principio del análisis del mensaje para asegurarse de que sea lo suficientemente grande para la estructura esperada, como al final del mensaje para asegurarse de que no desbordemos más allá del final del búfer para el siguiente mensaje."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32","versionEndExcluding":"5.10.253","matchCriteriaId":"8DB41968-2F6C-4EDB-B464-1CF2AF52EF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1818974e1b5ef200e27f144c8cb8a246420bb54d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18f75b9cbdc3703f15965425ab69dee509b07785","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1cf469026d4a2308eaa91d04dca4a900d07a5c2e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2833e13e2b099546abf5d40a483b4eb04ddd1f7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/38a01c9700b0dcafe97dfa9dc7531bf4a245deff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aed172a2e2330131f0977d2acd3ec8883f413ec1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c703bbf8e9b4947e111c88d2ed09236a6772a471","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f10177e6c4575aedaea580ce67d792fab7a2235e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23308","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.823","lastModified":"2026-05-28T14:25:49.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: equilibrium: fix warning trace on load\n\nThe callback functions 'eqbr_irq_mask()' and 'eqbr_irq_ack()' are also\ncalled in the callback function 'eqbr_irq_mask_ack()'. This is done to\navoid source code duplication. The problem, is that in the function\n'eqbr_irq_mask()' also calles the gpiolib function 'gpiochip_disable_irq()'\n\nThis generates the following warning trace in the log for every gpio on\nload.\n\n[    6.088111] ------------[ cut here ]------------\n[    6.092440] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:3810 gpiochip_disable_irq+0x39/0x50\n[    6.097847] Modules linked in:\n[    6.097847] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W          6.12.59+ #0\n[    6.097847] Tainted: [W]=WARN\n[    6.097847] RIP: 0010:gpiochip_disable_irq+0x39/0x50\n[    6.097847] Code: 39 c6 48 19 c0 21 c6 48 c1 e6 05 48 03 b2 38 03 00 00 48 81 fe 00 f0 ff ff 77 11 48 8b 46 08 f6 c4 02 74 06 f0 80 66 09 fb c3 <0f> 0b 90 0f 1f 40 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40\n[    6.097847] RSP: 0000:ffffc9000000b830 EFLAGS: 00010046\n[    6.097847] RAX: 0000000000000045 RBX: ffff888001be02a0 RCX: 0000000000000008\n[    6.097847] RDX: ffff888001be9000 RSI: ffff888001b2dd00 RDI: ffff888001be02a0\n[    6.097847] RBP: ffffc9000000b860 R08: 0000000000000000 R09: 0000000000000000\n[    6.097847] R10: 0000000000000001 R11: ffff888001b2a154 R12: ffff888001be0514\n[    6.097847] R13: ffff888001be02a0 R14: 0000000000000008 R15: 0000000000000000\n[    6.097847] FS:  0000000000000000(0000) GS:ffff888041d80000(0000) knlGS:0000000000000000\n[    6.097847] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    6.097847] CR2: 0000000000000000 CR3: 0000000003030000 CR4: 00000000001026b0\n[    6.097847] Call Trace:\n[    6.097847]  <TASK>\n[    6.097847]  ? eqbr_irq_mask+0x63/0x70\n[    6.097847]  ? no_action+0x10/0x10\n[    6.097847]  eqbr_irq_mask_ack+0x11/0x60\n\nIn an other driver (drivers/pinctrl/starfive/pinctrl-starfive-jh7100.c) the\ninterrupt is not disabled here.\n\nTo fix this, do not call the 'eqbr_irq_mask()' and 'eqbr_irq_ack()'\nfunction. Implement instead this directly without disabling the interrupts."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\npinctrl: equilibrium: corregir el rastro de advertencia al cargar\n\nLas funciones de callback 'eqbr_irq_mask()' y 'eqbr_irq_ack()' también se llaman en la función de callback 'eqbr_irq_mask_ack()'. Esto se hace para evitar la duplicación de código fuente. El problema, es que en la función 'eqbr_irq_mask()' también llama a la función gpiolib 'gpiochip_disable_irq()'.\n\nEsto genera el siguiente rastro de advertencia en el log para cada gpio al cargar.\n\n[    6.088111] ------------[ cut here ]------------\n[    6.092440] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:3810 gpiochip_disable_irq+0x39/0x50\n[    6.097847] Modules linked in:\n[    6.097847] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W          6.12.59+ #0\n[    6.097847] Tainted: [W]=WARN\n[    6.097847] RIP: 0010:gpiochip_disable_irq+0x39/0x50\n[    6.097847] Code: 39 c6 48 19 c0 21 c6 48 c1 e6 05 48 03 b2 38 03 00 00 48 81 fe 00 f0 ff ff 77 11 48 8b 46 08 f6 c4 02 74 06 f0 80 66 09 fb c3 &lt;0f&gt; 0b 90 0f 1f 40 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40\n[    6.097847] RSP: 0000:ffffc9000000b830 EFLAGS: 00010046\n[    6.097847] RAX: 0000000000000045 RBX: ffff888001be02a0 RCX: 0000000000000008\n[    6.097847] RDX: ffff888001be9000 RSI: ffff888001b2dd00 RDI: ffff888001be02a0\n[    6.097847] RBP: ffffc9000000b860 R08: 0000000000000000 R09: 0000000000000000\n[    6.097847] R10: 0000000000000001 R11: ffff888001b2a154 R12: ffff888001be0514\n[    6.097847] R13: ffff888001be02a0 R14: 0000000000000008 R15: 0000000000000000\n[    6.097847] FS:  0000000000000000(0000) GS:ffff888041d80000(0000) knlGS:0000000000000000\n[    6.097847] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    6.097847] CR2: 0000000000000000 CR3: 0000000003030000 CR4: 00000000001026b0\n[    6.097847] Call Trace:\n[    6.097847]  \n[    6.097847]  ? eqbr_irq_mask+0x63/0x70\n[    6.097847]  ? no_action+0x10/0x10\n[    6.097847]  eqbr_irq_mask_ack+0x11/0x60\n\nEn otro controlador (drivers/pinctrl/starfive/pinctrl-starfive-jh7100.c) la interrupción no se deshabilita aquí.\n\nPara solucionar esto, no llame a la función 'eqbr_irq_mask()' y 'eqbr_irq_ack()'. En su lugar, implemente esto directamente sin deshabilitar las interrupciones."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.130","matchCriteriaId":"B5DC2349-A344-41CA-9A54-55596F8AD981"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e00b1b332e54ba50cca6691f628b9c06574024f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53eba152810ef0fff8567b13ea0f62d48e62df6b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/896449ad9053a42c6c710aeae6175170176cabd0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af3b0ec98dc1133521b612f8009fdd36b612aabe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec54546e8d8a50a9824c139a127a8459d1b0b1bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23309","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:26.993","lastModified":"2026-05-28T14:24:05.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add NULL pointer check to trigger_data_free()\n\nIf trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()\njumps to the out_free error path. While kfree() safely handles a NULL\npointer, trigger_data_free() does not. This causes a NULL pointer\ndereference in trigger_data_free() when evaluating\ndata->cmd_ops->set_filter.\n\nFix the problem by adding a NULL pointer check to trigger_data_free().\n\nThe problem was found by an experimental code review agent based on\ngemini-3.1-pro while reviewing backports into v6.18.y."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ntracing: Añadir comprobación de puntero NULL a trigger_data_free()\n\nSi trigger_data_alloc() falla y devuelve NULL, event_hist_trigger_parse() salta a la ruta de error out_free. Aunque kfree() maneja de forma segura un puntero NULL, trigger_data_free() no lo hace. Esto causa una desreferencia de puntero NULL en trigger_data_free() al evaluar data-&gt;cmd_ops-&gt;set_filter.\n\nCorregir el problema añadiendo una comprobación de puntero NULL a trigger_data_free().\n\nEl problema fue encontrado por un agente experimental de revisión de código basado en gemini-3.1-pro mientras revisaba backports en v6.18.y."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.165","versionEndExcluding":"6.1.167","matchCriteriaId":"D54E2FD5-7EF9-426A-9AE1-8E8DA970BCC8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.128","versionEndExcluding":"6.6.130","matchCriteriaId":"2099D3D0-97C6-44C5-913D-E616B07A9237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.75","versionEndExcluding":"6.12.77","matchCriteriaId":"84A22880-A425-402F-879A-9309659E3D36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.14","versionEndExcluding":"6.18.17","matchCriteriaId":"4AEF99ED-2A46-4ECD-A9A4-D4D616C3DEE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.4","versionEndExcluding":"6.19.7","matchCriteriaId":"EABFC675-2A5E-4569-92F7-1E8942DA0683"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23310","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:27.160","lastModified":"2026-05-28T14:20:22.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded\n\nbond_option_mode_set() already rejects mode changes that would make a\nloaded XDP program incompatible via bond_xdp_check().  However,\nbond_option_xmit_hash_policy_set() has no such guard.\n\nFor 802.3ad and balance-xor modes, bond_xdp_check() returns false when\nxmit_hash_policy is vlan+srcmac, because the 802.1q payload is usually\nabsent due to hardware offload.  This means a user can:\n\n1. Attach a native XDP program to a bond in 802.3ad/balance-xor mode\n   with a compatible xmit_hash_policy (e.g. layer2+3).\n2. Change xmit_hash_policy to vlan+srcmac while XDP remains loaded.\n\nThis leaves bond->xdp_prog set but bond_xdp_check() now returning false\nfor the same device.  When the bond is later destroyed, dev_xdp_uninstall()\ncalls bond_xdp_set(dev, NULL, NULL) to remove the program, which hits\nthe bond_xdp_check() guard and returns -EOPNOTSUPP, triggering:\n\nWARN_ON(dev_xdp_install(dev, mode, bpf_op, NULL, 0, NULL))\n\nFix this by rejecting xmit_hash_policy changes to vlan+srcmac when an\nXDP program is loaded on a bond in 802.3ad or balance-xor mode.\n\ncommit 39a0876d595b (\"net, bonding: Disallow vlan+srcmac with XDP\")\nintroduced bond_xdp_check() which returns false for 802.3ad/balance-xor\nmodes when xmit_hash_policy is vlan+srcmac.  The check was wired into\nbond_xdp_set() to reject XDP attachment with an incompatible policy, but\nthe symmetric path -- preventing xmit_hash_policy from being changed to an\nincompatible value after XDP is already loaded -- was left unguarded in\nbond_option_xmit_hash_policy_set().\n\nNote:\ncommit 094ee6017ea0 (\"bonding: check xdp prog when set bond mode\")\nlater added a similar guard to bond_option_mode_set(), but\nbond_option_xmit_hash_policy_set() remained unprotected."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbpf/bonding: rechazar el cambio de política de hash de transmisión (xmit_hash_policy) a vlan+srcmac cuando XDP está cargado\n\nbond_option_mode_set() ya rechaza los cambios de modo que harían incompatible un programa XDP cargado a través de bond_xdp_check(). Sin embargo, bond_option_xmit_hash_policy_set() no tiene tal protección.\n\nPara los modos 802.3ad y balance-xor, bond_xdp_check() devuelve falso cuando la política de hash de transmisión (xmit_hash_policy) es vlan+srcmac, porque la carga útil 802.1q suele estar ausente debido a la descarga de hardware. Esto significa que un usuario puede:\n\n1. Adjuntar un programa XDP nativo a un bond en modo 802.3ad/balance-xor con una política de hash de transmisión (xmit_hash_policy) compatible (por ejemplo, capa2+3).\n2. Cambiar la política de hash de transmisión (xmit_hash_policy) a vlan+srcmac mientras XDP permanece cargado.\n\nEsto deja bond-&gt;xdp_prog establecido, pero bond_xdp_check() ahora devuelve falso para el mismo dispositivo. Cuando el bond es destruido posteriormente, dev_xdp_uninstall() llama a bond_xdp_set(dev, NULL, NULL) para eliminar el programa, lo que activa la protección de bond_xdp_check() y devuelve -EOPNOTSUPP, desencadenando:\n\nWARN_ON(dev_xdp_install(dev, mode, bpf_op, NULL, 0, NULL))\n\nSolucione esto rechazando los cambios de política de hash de transmisión (xmit_hash_policy) a vlan+srcmac cuando un programa XDP está cargado en un bond en modo 802.3ad o balance-xor.\n\nEl commit 39a0876d595b ('net, bonding: No permitir vlan+srcmac con XDP') introdujo bond_xdp_check() que devuelve falso para los modos 802.3ad/balance-xor cuando la política de hash de transmisión (xmit_hash_policy) es vlan+srcmac. La verificación se integró en bond_xdp_set() para rechazar la asociación de XDP con una política incompatible, pero la ruta simétrica -- impidiendo que la política de hash de transmisión (xmit_hash_policy) se cambie a un valor incompatible después de que XDP ya esté cargado -- se dejó sin protección en bond_option_xmit_hash_policy_set().\n\nNota:\nEl commit 094ee6017ea0 ('bonding: verificar programa xdp al establecer modo de bond') añadió posteriormente una protección similar a bond_option_mode_set(), pero bond_option_xmit_hash_policy_set() permaneció sin protección."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.130","matchCriteriaId":"E265D934-61CB-43A3-82C6-6D0F5B6DD9D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ace8027e41f6f094ef6c1aca42d2ed6cd7af54e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/479d589b40b836442bbdadc3fdb37f001bb67f26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5c262bd0e39320a6d6c8277cb8349ce21c01b8c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d36ad7e126c6a0c5f699583309ccc37e3a3263ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e85fa809e507b9d8eff4840888b8c727e4e8448c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-5119","sourceIdentifier":"secalert@redhat.com","published":"2026-03-30T07:15:58.350","lastModified":"2026-05-28T12:16:17.833","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation."},{"lang":"es","value":"Se encontró una vulnerabilidad en libsoup. Al establecer túneles HTTPS a través de un proxy HTTP configurado, las cookies de sesión sensibles se transmiten en texto claro dentro de la solicitud HTTP CONNECT inicial. Un atacante posicionado en la red o un proxy HTTP malicioso puede interceptar estas cookies, lo que podría conducir al secuestro potencial de la sesión o a la suplantación de identidad del usuario."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*","matchCriteriaId":"C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13978","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14087","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:15968","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:17482","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19356","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21686","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-5119","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452932","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/502","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-5272","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-04-01T05:16:00.287","lastModified":"2026-05-28T14:33:59.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"146.0.7680.177","matchCriteriaId":"55B0324F-7911-403B-8235-D71996B55DFB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/491732188","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-34531","sourceIdentifier":"security-advisories@github.com","published":"2026-04-01T21:17:01.147","lastModified":"2026-05-28T18:16:31.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in its database with an empty string set as their token, then it could potentially authenticate the client request against any of those users. This issue has been patched in version 4.8.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:miguelgrinberg:flask-httpauth:*:*:*:*:*:python:*:*","versionEndExcluding":"4.8.1","matchCriteriaId":"27C90FDD-EF05-4AF2-BDE6-4E47481562E2"}]}]}],"references":[{"url":"https://github.com/miguelgrinberg/Flask-HTTPAuth/releases/tag/v4.8.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/miguelgrinberg/Flask-HTTPAuth/security/advisories/GHSA-p44q-vqpr-4xmg","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/miguelgrinberg/flask-httpauth/commit/b15ffe9e50e110d7174ccd944f642079e1dcf9ee","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00049.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-32201","sourceIdentifier":"secure@microsoft.com","published":"2026-04-14T18:17:27.160","lastModified":"2026-05-28T14:27:53.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"cisaExploitAdd":"2026-04-14","cisaActionDue":"2026-04-28","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Microsoft SharePoint Server Improper Input Validation Vulnerability","weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20210","matchCriteriaId":"5CA92EAC-72F0-43F4-A8E0-FA40C57AEF01"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-6019","sourceIdentifier":"cna@python.org","published":"2026-04-22T20:16:42.617","lastModified":"2026-05-28T19:15:28.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value."}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","description":[{"lang":"en","value":"CWE-150"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionEndExcluding":"3.15.0","matchCriteriaId":"43B0671A-35BB-4EE4-8A68-E79B62A75547"}]}]}],"references":[{"url":"https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/issues/90309","source":"cna@python.org","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/python/cpython/pull/148848","source":"cna@python.org","tags":["Issue Tracking","Patch"]},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/","source":"cna@python.org","tags":["Mailing List","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33999","sourceIdentifier":"secalert@redhat.com","published":"2026-04-23T16:16:24.623","lastModified":"2026-05-28T16:16:20.687","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:10739","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11352","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11369","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11388","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11656","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11692","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13414","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19342","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19343","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19344","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20547","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20557","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20558","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20560","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20561","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20563","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20575","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20576","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21699","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21712","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21715","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21716","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21718","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21741","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21742","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33999","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451106","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-34001","sourceIdentifier":"secalert@redhat.com","published":"2026-04-23T16:16:24.777","lastModified":"2026-05-28T16:16:20.963","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:10739","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11352","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11369","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11388","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11656","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11692","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13414","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19342","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19343","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19344","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20547","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20557","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20558","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20560","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20561","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20563","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20575","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20576","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21699","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21712","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21715","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21716","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21718","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21741","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21742","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34001","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451109","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-34003","sourceIdentifier":"secalert@redhat.com","published":"2026-04-23T16:16:24.920","lastModified":"2026-05-28T16:16:21.250","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:10739","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11352","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11369","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11388","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11656","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11692","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13414","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19342","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19343","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19344","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20547","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20557","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20558","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20560","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20561","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20563","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20575","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20576","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21699","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21712","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21715","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21716","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21718","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21741","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21742","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34003","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451113","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-7101","sourceIdentifier":"cna@vuldb.com","published":"2026-04-27T09:16:02.747","lastModified":"2026-05-28T13:57:48.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:f456_firmware:1.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1447AF3C-1A81-4784-A3AB-7F6075607BC7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:f456:-:*:*:*:*:*:*:*","matchCriteriaId":"ED31EF75-B92E-4362-9B56-AF1DFE4B9D1C"}]}]}],"references":[{"url":"https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_139/README.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/798474","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/359676","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/359676/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-5781","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-04-28T13:19:22.717","lastModified":"2026-05-28T13:57:24.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agilonhealth:minerva:3.6.0:*:*:*:*:*:*:*","matchCriteriaId":"14070C6A-CA8D-4B09-B988-D05A648B76F1"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43001","sourceIdentifier":"cve@mitre.org","published":"2026-05-01T09:16:17.273","lastModified":"2026-05-28T19:16:37.917","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0","versionEndIncluding":"19.0.0","matchCriteriaId":"15A2E255-7303-4B2E-8970-0A3E4B40F9BA"}]}]}],"references":[{"url":"https://bugs.launchpad.net/keystone/+bug/2149775","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"https://review.opendev.org/c/openstack/keystone/+/985804","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://security.openstack.org/ossa/OSSA-2026-015.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-34000","sourceIdentifier":"secalert@redhat.com","published":"2026-05-05T16:16:11.647","lastModified":"2026-05-28T18:16:30.750","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*","matchCriteriaId":"858025BB-24A3-42C3-B157-486862B37124"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:19342","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20547","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20557","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20558","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20560","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20561","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20563","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20575","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20576","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21699","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21712","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21715","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21716","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21718","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21741","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21742","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34000","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451107","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-34002","sourceIdentifier":"secalert@redhat.com","published":"2026-05-05T16:16:11.787","lastModified":"2026-05-28T18:16:31.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-805"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*","matchCriteriaId":"858025BB-24A3-42C3-B157-486862B37124"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:20547","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20557","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20558","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20560","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20561","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20563","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20575","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20576","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21699","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21712","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21715","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21716","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21718","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21741","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21742","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34002","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451112","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-47924","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-10T13:16:28.307","lastModified":"2026-05-28T16:16:19.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code when the product is viewed."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wordpress.org/plugins/ultimate-product-catalogue/","source":"disclosure@vulncheck.com"},{"url":"https://www.etoilewebdesign.com","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/50534","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/wordpress-plugin-ultimate-product-catalog-stored-xss-via-price","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-4802","sourceIdentifier":"secalert@redhat.com","published":"2026-05-11T14:16:31.550","lastModified":"2026-05-28T16:16:30.317","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:21390","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21392","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21394","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21395","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21468","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21515","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21516","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21647","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21676","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21700","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4802","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451155","source":"secalert@redhat.com"},{"url":"https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/20/19","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-35438","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:14.030","lastModified":"2026-05-28T20:39:39.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network."}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*","versionEndExcluding":"2511","matchCriteriaId":"6E6B16F7-D308-4FCC-B230-6AFFB020AFE4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35438","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45185","sourceIdentifier":"cve@mitre.org","published":"2026-05-12T20:16:46.137","lastModified":"2026-05-28T18:46:27.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*","versionStartIncluding":"4.97","versionEndExcluding":"4.99.3","matchCriteriaId":"B6F6BADD-C865-40D6-BE0A-BC7389F40FFA"}]}]}],"references":[{"url":"https://code.exim.org/exim/wiki/wiki/EximSecurity","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://exim.org","source":"cve@mitre.org","tags":["Product"]},{"url":"https://exim.org/static/doc/security/CVE-2026-45185.txt","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://news.ycombinator.com/item?id=48111748","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://www.openwall.com/lists/oss-security/2026/05/12/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/12/25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-33378","sourceIdentifier":"security@grafana.com","published":"2026-05-13T20:16:20.583","lastModified":"2026-05-28T19:00:01.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"11.6.14","matchCriteriaId":"8E135E10-C076-4250-A33D-ACFE7A77DB9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.2.8","matchCriteriaId":"80B49F3F-8139-4DEB-971F-1B4F05BDE98E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.6","matchCriteriaId":"870FE01F-86F1-4734-9CC3-6FC9AF3012C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.3","matchCriteriaId":"4451FBC6-6277-4DD8-B143-0DAE82175D9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*","matchCriteriaId":"548C63DC-4E7F-4D9E-B2F0-AB24A66E0F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*","matchCriteriaId":"5F103470-1371-498E-9442-11EA7C2E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*","matchCriteriaId":"4ACC0DB6-8BC4-4975-AD26-D41F69571EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*","matchCriteriaId":"9EBE773D-17BB-4402-B0B8-74D3DD79B32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*","matchCriteriaId":"6A58801D-1713-4A52-8713-9DD31F75698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*","matchCriteriaId":"5C930B25-FD06-477C-B226-DEB486A46DAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*","matchCriteriaId":"172F03B1-E693-4EF3-90A0-D40773E4ACB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F0B8E4F-ADE7-4594-9241-966B1F0BC440"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*","matchCriteriaId":"2AD87DC5-DF20-4993-A11B-91EBB313A40A"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33378","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44372","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:47.890","lastModified":"2026-05-28T18:25:11.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nitro:nitro:*:*:*:*:*:*:*:*","versionEndExcluding":"2.13.4","matchCriteriaId":"4184D77E-DD83-4720-ADE4-08D6DE54CFC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nitro:nitro:*:*:*:*:*:*:*:*","versionStartExcluding":"2.13.4","versionEndExcluding":"3.0.260429","matchCriteriaId":"B7044A13-4A34-453D-AEDD-537368D23865"}]}]}],"references":[{"url":"https://github.com/nitrojs/nitro/pull/4236","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/nitrojs/nitro/releases/tag/v2.13.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44373","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:48.033","lastModified":"2026-05-28T18:22:00.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nitro:nitro:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.13.4","matchCriteriaId":"E81D7EC1-9EE7-4CC1-8DF1-22517FF21CBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:nitro:nitro:*:*:*:*:*:node.js:*:*","versionStartExcluding":"2.13.4","versionEndExcluding":"3.0.260429","matchCriteriaId":"A93AAA84-4EDA-4708-8BEC-01E4D566A7B1"}]}]}],"references":[{"url":"https://github.com/nitrojs/nitro/pull/4222","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/nitrojs/nitro/pull/4223","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/nitrojs/nitro/releases/tag/v2.13.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44437","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T22:16:44.710","lastModified":"2026-05-28T17:45:36.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots (%2e%2e). This allows an attacker to bypass security filters by injecting encoded path traversal sequences that are later decoded and utilized by the application logic.\nWhen an Angular SSR application is configured to trust proxy headers and is deployed behind a proxy that forwards the X-Forwarded-Prefix header without prior sanitization, an attacker can provide a payload such as /%2e%2e/evil. This vulnerability is fixed in19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.2.25","matchCriteriaId":"84649283-0E00-40B7-A82E-01B31E0B8B85"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.3.25","matchCriteriaId":"5E3A3818-EEE9-41E9-BE31-2408F86FBDDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"21.0.0","versionEndExcluding":"21.2.9","matchCriteriaId":"33722CD1-F326-4CC5-8D65-5830A42E700A"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next0:*:*:*:node.js:*:*","matchCriteriaId":"1BD57930-760B-43CB-8BD1-25D79A7E60FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next1:*:*:*:node.js:*:*","matchCriteriaId":"81D13997-DAC1-472B-93D2-8BF19ACC6BFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next2:*:*:*:node.js:*:*","matchCriteriaId":"03842109-D464-4CC5-99B5-2E26F2FF8EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next3:*:*:*:node.js:*:*","matchCriteriaId":"2F915E06-EA6F-4D87-80B4-DF75DB1F04CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next4:*:*:*:node.js:*:*","matchCriteriaId":"A8AC64FD-595D-4A0E-A90E-FCED10166F8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next5:*:*:*:node.js:*:*","matchCriteriaId":"F16DC68A-649E-4DEA-B671-5076C66E32A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_cli:22.0.0:next6:*:*:*:node.js:*:*","matchCriteriaId":"DC60F6AD-121E-49C5-9FDF-9F46E2DABF2B"}]}]}],"references":[{"url":"https://github.com/angular/angular-cli/pull/33031","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/angular/angular-cli/security/advisories/GHSA-69xr-m8h6-h664","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44439","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T22:16:44.850","lastModified":"2026-05-28T17:37:08.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on private, loopback, link-local, or otherwise non-public IP addresses. In deployments where PlaywrightCapture processes untrusted URLs, this could allow a remote attacker to perform server-side request forgery against internal services or attempt to access local files from the capture environment. Depending on what capture artifacts are generated and exposed, responses from those resources could potentially be leaked through screenshots, saved page content, logs, or other capture outputs. This vulnerability is fixed in 1.39.6."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lookyloo:playwright_capture:*:*:*:*:*:*:*:*","versionEndExcluding":"1.39.6","matchCriteriaId":"8B1B33BA-7EBF-4AA5-9B22-2925EE784168"}]}]}],"references":[{"url":"https://github.com/Lookyloo/PlaywrightCapture/commit/49e289eba756e4fbac1322c33cfd111411562405","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Lookyloo/PlaywrightCapture/security/advisories/GHSA-687h-xw6f-q2qw","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44471","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T22:16:46.057","lastModified":"2026-05-28T17:35:01.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries are deferred and created after regular files using a single shared gix_worktree::Stack. Internally, this uses a gix_fs::Stack. gix_fs::Stack::make_relative_path_current() caches validated path prefixes: when the previously-processed leaf component exactly matches the leading component(s) of the next path, the leaf-to-directory transition at gix-fs/src/stack.rs invokes only delegate.push_directory(), never delegate.push(). In gix_worktree::stack::delegate::StackDelegate, when the state member is State::CreateDirectoryAndAttributesStack, Attributes::push_directory() only loads attributes (from the ODB, in the clone case), and does not perform any other checks. The on-disk symlink_metadata() check and unlink-on-collision live in StackDelegate::push()'s invocation of create_leading_directory(), which is therefore bypassed for the cached prefix. The final symlink is created with plain std::os::unix::fs::symlink, which follows symlinks in parent directories. Therefore, it's possible to provide a tree with duplicate symlink and directory entries that exploits this. This vulnerability is fixed in 0.21.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitoxidelabs:gix-fs:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.21.1","matchCriteriaId":"912E1255-11AA-48C2-B271-54138B01A00C"}]}]}],"references":[{"url":"https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-f89h-2fjh-2r9q","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-f89h-2fjh-2r9q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8398","sourceIdentifier":"vulnerability@kaspersky.com","published":"2026-05-15T09:16:17.653","lastModified":"2026-05-28T12:57:00.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@kaspersky.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnerability@kaspersky.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"cisaExploitAdd":"2026-05-27","cisaActionDue":"2026-05-30","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Daemon Tools Lite Embedded Malicious Code Vulnerability","weaknesses":[{"source":"vulnerability@kaspersky.com","type":"Secondary","description":[{"lang":"en","value":"CWE-506"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:disc-soft:daemon_tools:12.5.1:*:*:*:lite:*:*:*","matchCriteriaId":"F291E275-397E-40E4-8ABD-292B16A8C90E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://blog.daemon-tools.cc/post/security-incident","source":"vulnerability@kaspersky.com","tags":["Vendor Advisory"]},{"url":"https://securelist.com/tr/daemon-tools-backdoor/119654/","source":"vulnerability@kaspersky.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-8398","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-45007","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:01.063","lastModified":"2026-05-28T16:16:25.410","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45008","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:01.210","lastModified":"2026-05-28T16:16:25.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-45009","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:01.327","lastModified":"2026-05-28T16:16:25.650","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access sensitive backend operational information including dashboard versions, LDAP configuration, Elasticsearch statistics, and health-check data."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-jrc5-w569-h7h5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-insufficient-authorization-check-in-admin-api-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-jrc5-w569-h7h5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45010","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:01.450","lastModified":"2026-05-28T16:16:25.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46359","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.120","lastModified":"2026-05-28T16:16:26.503","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46360","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.263","lastModified":"2026-05-28T16:16:26.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46361","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.400","lastModified":"2026-05-28T16:16:26.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":4.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46362","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.520","lastModified":"2026-05-28T16:16:26.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-46363","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.633","lastModified":"2026-05-28T16:16:26.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46364","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.750","lastModified":"2026-05-28T16:16:27.087","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-46365","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.860","lastModified":"2026-05-28T16:16:27.210","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid session cookie, resulting in permanent data loss and disruption of FAQ organization."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-authorization-in-tag-deletion-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46366","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:03.973","lastModified":"2026-05-28T16:16:27.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46367","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-15T19:17:04.087","lastModified":"2026-05-28T16:16:27.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving full application takeover when visitors view affected FAQ pages."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9525-27vj-c8r8","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-utils-parseurl-in-comment-rendering","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9525-27vj-c8r8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39832","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:22.663","lastModified":"2026-05-28T15:11:29.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/778642","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79435","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5006","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39833","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:22.773","lastModified":"2026-05-28T15:04:39.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/778640","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/cl/778641","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79436","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5005","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39834","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:24.237","lastModified":"2026-05-28T15:03:47.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/781663","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79567","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5020","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39835","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:24.530","lastModified":"2026-05-28T14:56:13.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/781660","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79563","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5015","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42508","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:25.440","lastModified":"2026-05-28T14:47:37.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/781220","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79568","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5021","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46595","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:25.550","lastModified":"2026-05-28T14:44:43.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/781642","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79570","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5023","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46597","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:26.003","lastModified":"2026-05-28T14:44:17.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/781620","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79561","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5013","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46598","sourceIdentifier":"security@golang.org","published":"2026-05-22T04:16:26.537","lastModified":"2026-05-28T14:34:45.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*","versionEndExcluding":"0.52.0","matchCriteriaId":"D540395B-31B8-4B07-8F79-F5C631BBD5C8"}]}]}],"references":[{"url":"https://go.dev/cl/781360","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79596","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/a082jnz-LvI","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5033","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45249","sourceIdentifier":"security@apache.org","published":"2026-05-25T08:16:24.047","lastModified":"2026-05-28T13:48:07.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic.\n\n\n\n\nThis issue affects Apache ECharts: from before 6.1.0.\n\nIn versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and series.data[i].name is specified, raw HTML string series.data[i].name can be rendered through innerHTML sink into tooltip content. Although tooltip is allowed to accept user-provided raw HTML via a custom tooltip.formatter, the built-in tooltip formatters conventionally perform HTML escaping automatically. This case breaks that convention and may unexpectedly lead to script execution when tooltips are displayed.\n\n\nUsers are recommended to upgrade to version 6.1.0 if using the Lines series in this way, which fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:echarts:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.0","matchCriteriaId":"C5BE8944-7186-4565-A5C3-58796C9C9BC7"}]}]}],"references":[{"url":"https://echarts.apache.org/en/option.html#series-lines","source":"security@apache.org","tags":["Product"]},{"url":"https://echarts.apache.org/handbook/en/best-practices/security/#passing_raw_html_safely","source":"security@apache.org","tags":["Product"]},{"url":"https://github.com/apache/echarts/pull/21608","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/1g6xk7gd9vg1c6zyqqt2lnko10zomc3o","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/23/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9446","sourceIdentifier":"cna@vuldb.com","published":"2026-05-25T10:16:16.593","lastModified":"2026-05-28T18:16:36.460","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://gist.github.com/c4ttr4ck/599151a2b90c1cd620933c992873c67a","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813613","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365427","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365427/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813613","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47072","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-25T15:16:22.280","lastModified":"2026-05-28T20:27:13.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host, path, headers (ExtraHeaders), and protocols options from the caller-supplied opts map into the internal #ws_data{} record in init/1 and then splices them verbatim into the raw HTTP/1.1 upgrade request by binary concatenation in do_handshake/1. No CRLF or NUL stripping is performed at any of these four injection sites. An attacker who controls any of these options — for example by forwarding URL components or header values from untrusted input into hackney_ws:start_link/1 — can inject arbitrary HTTP headers into the outbound WebSocket upgrade request, leading to header injection, credential spoofing toward the upstream server, log and cache poisoning, or request smuggling via intermediary proxies.\n\nThis issue affects hackney: from 2.0.0 before 4.0.1."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"4.0.1","matchCriteriaId":"B119C170-E9CA-4AEE-BE04-F074E70CBF82"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-47072.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/benoitc/hackney/commit/52310ca807e7b48441ba0e9129171f535313fdd1","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/benoitc/hackney/security/advisories/GHSA-f9vr-g2g2-x9fg","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-47072","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/benoitc/hackney/security/advisories/GHSA-f9vr-g2g2-x9fg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47075","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-25T15:16:22.550","lastModified":"2026-05-28T20:26:32.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\\r) or line feed (\\n) characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar defined in RFC 3986 Section 3.4 must be percent-encoded, but hackney_url:make_url/3 passes the query binary directly without validation or escaping. An attacker who can control all or part of a URL passed to hackney can inject raw CRLF sequences into the query string, which are then sent as HTTP line breaks in the request target. This enables injection of arbitrary HTTP headers or splitting of the HTTP request.\n\nThis issue affects hackney: from 0 before 4.0.1."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.1","matchCriteriaId":"E6CCD08F-3B1B-443C-8A17-BB4224DDCB12"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-47075.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/benoitc/hackney/commit/ca73dd0aba0ed557449c18288bf07241671a43c9","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/benoitc/hackney/security/advisories/GHSA-j9wq-vxxc-94wf","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-47075","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/benoitc/hackney/security/advisories/GHSA-j9wq-vxxc-94wf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9078","sourceIdentifier":"security@mozilla.org","published":"2026-05-25T15:16:22.970","lastModified":"2026-05-28T20:20:06.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"151.1","matchCriteriaId":"E326C4E6-FC71-4889-954D-274A02D852F5"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029371","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-52/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42797","sourceIdentifier":"security@apache.org","published":"2026-05-25T16:16:20.390","lastModified":"2026-05-28T20:19:06.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.\n\nAn administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.\n\nThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\n\nUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-202"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.16","matchCriteriaId":"81A43F1F-85A5-405B-B28A-CA2AE38D5454"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.6","matchCriteriaId":"4766DF17-5264-4EE6-8819-55E799DE1752"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EA64D586-A72F-4350-812A-B3284F47823C"}]}]}],"references":[{"url":"https://lists.apache.org/thread/5y7d277sntyytrmxnx2tfjr9ftcpq1s6","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/25/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9482","sourceIdentifier":"cna@vuldb.com","published":"2026-05-25T19:16:37.180","lastModified":"2026-05-28T17:16:35.360","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_20/20.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813904","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365463","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365463/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813904","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-43827","sourceIdentifier":"security@apache.org","published":"2026-05-25T21:16:34.700","lastModified":"2026-05-28T13:47:12.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Default configurations of Apache Shiro have a session fixation vulnerability.\n\nThis issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.\n\nUsers are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue.\n\nIn the affected versions, when a session already exists, it is not invalidated upon successful login, nor is a new session being generated with a new ID."}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.1","matchCriteriaId":"732C70AE-03A5-43A3-AC55-D81BEF469C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C79C762D-108B-4C23-BEAF-0115D43D83BD"}]}]}],"references":[{"url":"https://shiro.apache.org/security-reports.html#cve_2026_43827","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/25/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43828","sourceIdentifier":"security@apache.org","published":"2026-05-25T21:16:34.840","lastModified":"2026-05-28T13:45:52.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute.\n\n\n\nThis issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.\n\nUsers are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue.\n\nIn the affected versions, Shiro-native session manager, as well as Remember-Me manager sends JSESSIONID and rememberMe cookies without 'secure' attribute by default."}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-614"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.1","matchCriteriaId":"732C70AE-03A5-43A3-AC55-D81BEF469C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C79C762D-108B-4C23-BEAF-0115D43D83BD"}]}]}],"references":[{"url":"https://shiro.apache.org/security-reports.html#cve_2026_43828","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/25/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44598","sourceIdentifier":"security@apache.org","published":"2026-05-25T21:16:34.970","lastModified":"2026-05-28T13:44:45.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro.\n\n\n\n\nThis issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module.\n\nUsers are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue by encrypting the cookie.\n\nAfter successful login, Jakarta EE integration module uses shiroSavedRequest cookie to redirect to a particular web page after login.\nThis cookie was not validated, and can be forged to send a HTTP GET request from the server itself to an arbitrary URL from the cookie."}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Green","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-601"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.1.1","matchCriteriaId":"532EF640-8FA3-437C-9F02-6A17A5843675"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C79C762D-108B-4C23-BEAF-0115D43D83BD"}]}]}],"references":[{"url":"https://shiro.apache.org/security-reports.html#cve_2026_44598","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/25/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48589","sourceIdentifier":"security@apache.org","published":"2026-05-25T21:16:35.117","lastModified":"2026-05-28T13:38:44.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.\nIn affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module.\nThis issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module."}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:X/U:Green","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.2.1","matchCriteriaId":"4EFE9570-0EAC-4F87-8451-0F2C48984A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:shiro:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"C79C762D-108B-4C23-BEAF-0115D43D83BD"}]}]}],"references":[{"url":"https://shiro.apache.org/security-reports.html#cve_2026_48589","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/25/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9511","sourceIdentifier":"cna@vuldb.com","published":"2026-05-25T22:16:34.357","lastModified":"2026-05-28T16:16:31.067","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_49/49.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813922","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365511","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365511/cti","source":"cna@vuldb.com"},{"url":"https://www.totolink.net/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813922","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42496","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-26T02:16:40.130","lastModified":"2026-05-28T14:16:20.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.\n\n_make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.\n\nA subsequent open through the extracted name reads or writes the attacker chosen path."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*","versionEndExcluding":"3.08","matchCriteriaId":"CE0EEC28-8DB1-42B8-9D87-5E9AA5D1C168"}]}]}],"references":[{"url":"https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-42497","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-42497","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-26T02:16:40.250","lastModified":"2026-05-28T14:16:20.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.\n\n_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.\n\nA subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-59"},{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*","versionEndExcluding":"3.08","matchCriteriaId":"CE0EEC28-8DB1-42B8-9D87-5E9AA5D1C168"}]}]}],"references":[{"url":"https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-42496","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9538","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-26T02:16:41.150","lastModified":"2026-05-28T14:16:26.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.\n\n_read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value.\n\nA crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*","versionEndExcluding":"3.10","matchCriteriaId":"0D0D2922-4664-4650-8D9E-C8D5641A7106"}]}]}],"references":[{"url":"https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/BINGOS/Archive-Tar-3.10/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/26/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9531","sourceIdentifier":"cna@vuldb.com","published":"2026-05-26T05:16:19.367","lastModified":"2026-05-28T17:16:35.643","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_54/54.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813929","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365558","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365558/cti","source":"cna@vuldb.com"},{"url":"https://www.totolink.net/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813929","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44468","sourceIdentifier":"info@cert.vde.com","published":"2026-05-26T08:16:21.990","lastModified":"2026-05-28T20:11:52.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.22.20","matchCriteriaId":"118C3726-FDDF-4E93-ABF6-E15B826D4CCD"}]}]}],"references":[{"url":"https://www.certvde.com/en/advisories/VDE-2026-055/","source":"info@cert.vde.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44469","sourceIdentifier":"info@cert.vde.com","published":"2026-05-26T08:16:22.137","lastModified":"2026-05-28T20:09:28.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.22.20","matchCriteriaId":"118C3726-FDDF-4E93-ABF6-E15B826D4CCD"}]}]}],"references":[{"url":"https://www.certvde.com/en/advisories/VDE-2026-055/","source":"info@cert.vde.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-25104","sourceIdentifier":"talos-cna@cisco.com","published":"2026-05-26T09:16:19.397","lastModified":"2026-05-28T20:06:43.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediaarea:mediainfolib:26.01:*:*:*:*:*:*:*","matchCriteriaId":"73B19F59-866C-489E-A46D-B84E8D64D75E"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2367","source":"talos-cna@cisco.com","tags":["Third Party Advisory","Exploit"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2367","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-25713","sourceIdentifier":"talos-cna@cisco.com","published":"2026-05-26T09:16:19.533","lastModified":"2026-05-28T20:03:56.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability"}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediaarea:mediainfolib:26.01:*:*:*:*:*:*:*","matchCriteriaId":"73B19F59-866C-489E-A46D-B84E8D64D75E"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2368","source":"talos-cna@cisco.com","tags":["Third Party Advisory","Exploit"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2368","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-40034","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-26T15:16:35.087","lastModified":"2026-05-28T18:16:32.177","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands via the update field in .gitmodules that will be executed when Submodule::update() is called on a previously-initialized submodule, enabling remote code execution."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/GitoxideLabs/gitoxide/commit/6a2e6a436f76c8bbf2487f9967413a51356667a0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/GitoxideLabs/gitoxide/commit/dd5c18d9e526e8de462fa40aa047acd097cfa7dc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-f26g-jm89-4g65","source":"disclosure@vulncheck.com"},{"url":"https://red.anthropic.com/2026/cvd/findings/ANT-2026-6SNS6KMP","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gitoxide-command-injection-via-partial-gitmodules-override-in-gix-submodule","source":"disclosure@vulncheck.com"},{"url":"https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-f26g-jm89-4g65","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-35223","sourceIdentifier":"security@joomla.org","published":"2026-05-26T17:16:36.080","lastModified":"2026-05-28T19:07:39.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper access check allows unauthorized access to com_config webservice endpoints."}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.4.6","matchCriteriaId":"1F29F0C8-03D1-4381-B42C-9D46ED87C6E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.1.1","matchCriteriaId":"F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33"}]}]}],"references":[{"url":"https://developer.joomla.org/security-centre/1040-20260508-core-improper-access-check-in-com-config-webservice-endpoints.html","source":"security@joomla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40384","sourceIdentifier":"security@joomla.org","published":"2026-05-26T17:16:39.503","lastModified":"2026-05-28T19:07:58.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.4.6","matchCriteriaId":"1F29F0C8-03D1-4381-B42C-9D46ED87C6E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.1.1","matchCriteriaId":"F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33"}]}]}],"references":[{"url":"https://developer.joomla.org/security-centre/1042-20260510-core-path-traversal-in-com-media-webservice-endpoint.html","source":"security@joomla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44723","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T17:16:46.680","lastModified":"2026-05-28T19:14:42.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_gen_and_load.py. The shell interprets the expanded string before invoking Python, allowing an attacker to break out of the quotes and execute arbitrary commands on the runner. The pull_request trigger fires on PRs targeting any branch (branches: ['*']), with no additional access gate. This vulnerability is fixed by the 998e390e80a7e8192d7849b7784bc113dbd190ad commit."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vowpalwabbit:vowpal_wabbit:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-05-04","matchCriteriaId":"A8E249E4-144A-4E67-B32F-FCA4221EE7BA"}]}]}],"references":[{"url":"https://github.com/VowpalWabbit/vowpal_wabbit/commit/998e390e80a7e8192d7849b7784bc113dbd190ad","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/VowpalWabbit/vowpal_wabbit/security/advisories/GHSA-cg2g-xgg7-3xxq","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/VowpalWabbit/vowpal_wabbit/security/advisories/GHSA-cg2g-xgg7-3xxq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48864","sourceIdentifier":"secalert@redhat.com","published":"2026-05-26T17:16:54.050","lastModified":"2026-05-28T19:22:42.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensuse:libsolv:0.7.36:*:*:*:*:*:*:*","matchCriteriaId":"2E5F661C-8F2D-41F8-9A8B-99611AFADC0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","matchCriteriaId":"848C92A9-0677-442B-8D52-A448F2019903"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*","matchCriteriaId":"E8D92E10-0E79-479F-A963-5657D1BC4E03"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:21333","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-48864","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460425","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48896","sourceIdentifier":"security@joomla.org","published":"2026-05-26T17:16:54.213","lastModified":"2026-05-28T19:46:20.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient state checks lead to a vector that allows to bypass 2FA checks."}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.4.6","matchCriteriaId":"1F29F0C8-03D1-4381-B42C-9D46ED87C6E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.1.1","matchCriteriaId":"F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33"}]}]}],"references":[{"url":"https://developer.joomla.org/security-centre/1043-20260511-core-mfa-authentication-bypass.html","source":"security@joomla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48897","sourceIdentifier":"security@joomla.org","published":"2026-05-26T17:16:54.333","lastModified":"2026-05-28T19:40:01.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient state checks lead to a vector that allows to bypass 2FA checks."}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.4.6","matchCriteriaId":"1F29F0C8-03D1-4381-B42C-9D46ED87C6E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.1.1","matchCriteriaId":"F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33"}]}]}],"references":[{"url":"https://developer.joomla.org/security-centre/1044-20260512-core-mfa-authentication-bypass.html","source":"security@joomla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48901","sourceIdentifier":"security@joomla.org","published":"2026-05-26T17:16:54.880","lastModified":"2026-05-28T19:31:32.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.4.6","matchCriteriaId":"1F29F0C8-03D1-4381-B42C-9D46ED87C6E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.1.1","matchCriteriaId":"F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33"}]}]}],"references":[{"url":"https://developer.joomla.org/security-centre/1049-20260517-core-incorrect-cache-key-construction-for-inputfilter-objects.html","source":"security@joomla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48902","sourceIdentifier":"security@joomla.org","published":"2026-05-26T17:16:54.970","lastModified":"2026-05-28T19:28:49.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn't explicitly set."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"5.4.6","matchCriteriaId":"E56B6527-7D92-44BC-B7DD-69453A9B8617"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.1.1","matchCriteriaId":"F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33"}]}]}],"references":[{"url":"https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html","source":"security@joomla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9562","sourceIdentifier":"cna@vuldb.com","published":"2026-05-26T17:16:57.413","lastModified":"2026-05-28T16:16:31.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/","source":"cna@vuldb.com"},{"url":"https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/1","source":"cna@vuldb.com"},{"url":"https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/1#issue-4348905508","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/815536","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365625","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365625/cti","source":"cna@vuldb.com"},{"url":"https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9572","sourceIdentifier":"cna@vuldb.com","published":"2026-05-26T19:16:34.890","lastModified":"2026-05-28T14:32:47.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The name of the patch is e79c5cbe8b3fed27f4854ec229457d30c96206f1. It is best practice to apply a patch to resolve this issue."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"},{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.0","matchCriteriaId":"3569968C-C15E-4091-B538-8B212A2F16CC"}]}]}],"references":[{"url":"https://github.com/gpac/gpac/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/gpac/gpac/commit/e79c5cbe8b3fed27f4854ec229457d30c96206f1","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://github.com/gpac/gpac/issues/3557","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/user-attachments/files/27270415/poc.zip","source":"cna@vuldb.com","tags":["Exploit"]},{"url":"https://vuldb.com/submit/817137","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/365631","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/365631/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://github.com/gpac/gpac/issues/3557","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://vuldb.com/submit/817137","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-44214","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T20:16:19.803","lastModified":"2026-05-28T14:30:02.060","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators (\\n, \\r, or \\r\\n) and thereby forge additional SSE fields or entire messages on the stream. This vulnerability is fixed in 1.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-113"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rexxars:eventsource-encoder:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.0.2","matchCriteriaId":"8177C5C4-DAA1-43A8-A156-EEE62C9080A1"}]}]}],"references":[{"url":"https://github.com/rexxars/eventsource-encoder/security/advisories/GHSA-m9g3-3g99-mhpx","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/rexxars/eventsource-encoder/security/advisories/GHSA-m9g3-3g99-mhpx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44443","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:37.760","lastModified":"2026-05-28T16:16:24.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP request or bind the nonce to the admin's session. If the admin's auth.api.signUpEmail() call fails before the before hook fires (e.g. BetterAuth rejects a duplicate email at the validation layer), the nonce is set but never consumed. Any POST /api/auth/sign-up/email request that arrives during the remaining window registers successfully regardless of who sent it. An attacker who can observe or predict when the admin is creating users (must be a dupplicate user) can race the 10-second window to register an unauthorized account. This vulnerability is fixed in 0.9.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://github.com/prolix-oc/Lumiverse/security/advisories/GHSA-6fcp-x253-wwv7","source":"security-advisories@github.com"},{"url":"https://github.com/prolix-oc/Lumiverse/security/advisories/GHSA-6fcp-x253-wwv7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44708","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:38.527","lastModified":"2026-05-28T13:44:30.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is explicitly created with escape=True, which is supposed to guarantee that all user-controlled text is sanitised before reaching the DOM. This vulnerability is fixed in 3.2.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1","matchCriteriaId":"A91629D7-7A30-4A3F-B1AD-17FE21D59820"}]}]}],"references":[{"url":"https://github.com/lepture/mistune/releases/tag/v3.2.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-8g87-j6q8-g93x","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-8g87-j6q8-g93x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44837","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:38.853","lastModified":"2026-05-28T16:16:24.977","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. This vulnerability is fixed in 4.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-187"}]}],"references":[{"url":"https://github.com/ViewComponent/view_component/security/advisories/GHSA-hg3h-g7xc-f7vp","source":"security-advisories@github.com"},{"url":"https://github.com/ViewComponent/view_component/security/advisories/GHSA-hg3h-g7xc-f7vp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44896","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:39.477","lastModified":"2026-05-28T13:43:22.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.0","matchCriteriaId":"D647BA3B-A532-4964-8200-19F77A0676D0"}]}]}],"references":[{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-58cw-g322-p94v","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44897","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:39.657","lastModified":"2026-05-28T13:42:42.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML — with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote character \" in the id value terminates the attribute, allowing an attacker to inject arbitrary additional attributes (event handlers, src=, href=, etc.) into the heading element. This vulnerability is fixed in 3.2.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1","matchCriteriaId":"A91629D7-7A30-4A3F-B1AD-17FE21D59820"}]}]}],"references":[{"url":"https://github.com/lepture/mistune/releases/tag/v3.2.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-v87v-83h2-53w7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44898","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:39.810","lastModified":"2026-05-28T13:42:13.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href=\"#<id>\") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs are derived from user-supplied heading text (the standard use-case for readable slug anchors), an attacker can craft a heading whose text breaks out of the href=\"#...\" attribute context, injecting arbitrary HTML tags including <script> blocks directly into the rendered TOC. This vulnerability is fixed in 3.2.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1","matchCriteriaId":"A91629D7-7A30-4A3F-B1AD-17FE21D59820"}]}]}],"references":[{"url":"https://github.com/lepture/mistune/releases/tag/v3.2.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-6269-cqxg-mhhv","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-6269-cqxg-mhhv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44899","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:39.953","lastModified":"2026-05-28T13:38:38.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r\"^\\d+(?:\\.\\d*)?\"). When the validated value is not a plain integer, render_block_image() inserts it directly into a style=\"width:...;\" or style=\"height:...;\" attribute. Because the value was accepted by the prefix-only regex, any CSS after the leading digits reaches the style= attribute verbatim and without escaping. This vulnerability is fixed in 3.2.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1","matchCriteriaId":"A91629D7-7A30-4A3F-B1AD-17FE21D59820"}]}]}],"references":[{"url":"https://github.com/lepture/mistune/releases/tag/v3.2.1","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-ccfx-mfmx-2fx9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/lepture/mistune/security/advisories/GHSA-ccfx-mfmx-2fx9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9581","sourceIdentifier":"cna@vuldb.com","published":"2026-05-26T21:16:45.327","lastModified":"2026-05-28T14:16:26.503","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue. Upgrading the affected component is recommended."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/jeecgboot/JeecgBoot/","source":"cna@vuldb.com"},{"url":"https://github.com/jeecgboot/JeecgBoot/issues/9598","source":"cna@vuldb.com"},{"url":"https://github.com/jeecgboot/JeecgBoot/issues/9598#issuecomment-4385719753","source":"cna@vuldb.com"},{"url":"https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/817918","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365637","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365637/cti","source":"cna@vuldb.com"},{"url":"https://github.com/jeecgboot/JeecgBoot/issues/9598#issuecomment-4385719753","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9583","sourceIdentifier":"cna@vuldb.com","published":"2026-05-26T21:16:45.667","lastModified":"2026-05-28T16:16:31.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9583-Information-Disclosure/Advisory.md","source":"cna@vuldb.com"},{"url":"https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9583-Information-Disclosure/poc.sh","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/817932","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365639","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365639/cti","source":"cna@vuldb.com"},{"url":"https://www.sourcecodester.com/","source":"cna@vuldb.com"},{"url":"https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9583-Information-Disclosure/poc.sh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46740","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-26T23:16:20.923","lastModified":"2026-05-28T16:16:27.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.\n\nThe metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.\n\nVersion 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720)."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://github.com/robrwo/perl-Mojolicious-Plugin-Statsd/commit/f049156982a2c0b8050f173e24a04a29ddd64853.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/RRWO/Mojolicious-Plugin-Statsd-0.06/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46720","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-8647","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-26T23:16:21.247","lastModified":"2026-05-28T16:16:30.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.\n\nThe random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/diff/MIK/Crypt-ScryptKDF-0.010#lib/Crypt/ScryptKDF.pm","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/26/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-9605","sourceIdentifier":"cna@vuldb.com","published":"2026-05-27T00:16:39.157","lastModified":"2026-05-28T14:16:26.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/issues/1248","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/818197","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365678","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365678/cti","source":"cna@vuldb.com"},{"url":"https://www.gnu.org/","source":"cna@vuldb.com"},{"url":"https://github.com/LibreDWG/libredwg/issues/1248","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://vuldb.com/submit/818197","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9607","sourceIdentifier":"cna@vuldb.com","published":"2026-05-27T00:16:39.567","lastModified":"2026-05-28T16:16:31.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/ltranquility/cve_submit/issues/19","source":"cna@vuldb.com"},{"url":"https://itsourcecode.com/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/818333","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365680","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365680/cti","source":"cna@vuldb.com"},{"url":"https://github.com/ltranquility/cve_submit/issues/19","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9207","sourceIdentifier":"3938794e-25f5-4123-a1ba-5cbd7f104512","published":"2026-05-27T02:16:35.130","lastModified":"2026-05-28T13:31:51.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tanium addressed an unauthorized code execution vulnerability in Connect."}],"metrics":{"cvssMetricV31":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:connect:*:*:*:*:*:*:*:*","versionStartIncluding":"5.26.0","versionEndExcluding":"5.26.191","matchCriteriaId":"1A1A615A-ACF4-456D-BBE8-B0F70FB7DA4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:connect:*:*:*:*:*:*:*:*","versionStartIncluding":"5.29.0","versionEndExcluding":"5.29.237","matchCriteriaId":"59870041-B951-4A62-A0BD-A603F02395AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:connect:*:*:*:*:*:*:*:*","versionStartIncluding":"5.37.0","versionEndExcluding":"5.37.140","matchCriteriaId":"6AE994A8-3B04-48FC-8E91-D1B56A68248F"}]}]}],"references":[{"url":"https://security.tanium.com/TAN-2026-014","source":"3938794e-25f5-4123-a1ba-5cbd7f104512","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9628","sourceIdentifier":"cna@vuldb.com","published":"2026-05-27T02:16:35.747","lastModified":"2026-05-28T16:16:31.907","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/luozhibo-sec/cve/blob/main/10.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/818380","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365684","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365684/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2024-47267","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:25.483","lastModified":"2026-05-28T18:39:06.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5C262042-304B-49DC-BB4B-655C5C36D88C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"10C4B055-D99B-4D58-811C-DD323A68A890"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-9575","matchCriteriaId":"E588B043-105F-41E8-8692-8261DF4B5081"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D9685B12-824F-42AD-B87C-6E7A78BB7FA5"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_24_25","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-47268","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:25.620","lastModified":"2026-05-28T18:38:41.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5C262042-304B-49DC-BB4B-655C5C36D88C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"10C4B055-D99B-4D58-811C-DD323A68A890"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-9575","matchCriteriaId":"E588B043-105F-41E8-8692-8261DF4B5081"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D9685B12-824F-42AD-B87C-6E7A78BB7FA5"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_24_25","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-47269","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:25.740","lastModified":"2026-05-28T18:38:22.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5C262042-304B-49DC-BB4B-655C5C36D88C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"10C4B055-D99B-4D58-811C-DD323A68A890"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-9575","matchCriteriaId":"E588B043-105F-41E8-8692-8261DF4B5081"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D9685B12-824F-42AD-B87C-6E7A78BB7FA5"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_24_25","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-47270","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:25.867","lastModified":"2026-05-28T18:38:05.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-281"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5C262042-304B-49DC-BB4B-655C5C36D88C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"10C4B055-D99B-4D58-811C-DD323A68A890"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-9575","matchCriteriaId":"E588B043-105F-41E8-8692-8261DF4B5081"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D9685B12-824F-42AD-B87C-6E7A78BB7FA5"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_24_25","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-47271","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:25.987","lastModified":"2026-05-28T18:37:41.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5C262042-304B-49DC-BB4B-655C5C36D88C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"10C4B055-D99B-4D58-811C-DD323A68A890"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-9575","matchCriteriaId":"E588B043-105F-41E8-8692-8261DF4B5081"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D9685B12-824F-42AD-B87C-6E7A78BB7FA5"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_24_25","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-47272","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:26.100","lastModified":"2026-05-28T18:37:15.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5C262042-304B-49DC-BB4B-655C5C36D88C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-11575","matchCriteriaId":"B02CB55A-6F45-4248-A34D-2FFFCC003A51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"10C4B055-D99B-4D58-811C-DD323A68A890"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:surveillance_station:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.2-9575","matchCriteriaId":"E588B043-105F-41E8-8692-8261DF4B5081"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D9685B12-824F-42AD-B87C-6E7A78BB7FA5"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_24_25","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-13167","sourceIdentifier":"security@synology.com","published":"2026-05-27T09:16:26.483","lastModified":"2026-05-28T16:37:51.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors."}],"metrics":{"cvssMetricV31":[{"source":"security@synology.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@synology.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synology:contacts:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.10-20659","matchCriteriaId":"72BE2803-868B-412E-8A58-46F0D26C8B26"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"591E364C-B846-4FFF-815C-5E1BC2FB8A6C"},{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.2.2:*:*:*:*:*:*:*","matchCriteriaId":"4E22F435-F709-495B-84B4-A478C63331B9"},{"vulnerable":false,"criteria":"cpe:2.3:o:synology:diskstation_manager:7.3:*:*:*:*:*:*:*","matchCriteriaId":"B4B9ADBD-1F6B-4BA9-9B78-042C5EF41EC4"}]}]}],"references":[{"url":"https://www.synology.com/en-global/security/advisory/Synology_SA_25_13","source":"security@synology.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-23679","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-27T14:16:44.170","lastModified":"2026-05-28T17:16:19.977","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libusb:libusb:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.30","matchCriteriaId":"ED05FDD2-4306-4649-AC78-E43E99ED647A"}]}]}],"references":[{"url":"https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/libusb/libusb/issues/1813","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation"]},{"url":"https://github.com/libusb/libusb/pull/1814","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libusb/libusb/releases/tag/v1.0.30","source":"disclosure@vulncheck.com","tags":["Product","Release Notes"]},{"url":"https://www.vulncheck.com/advisories/libusb-null-pointer-dereference-in-parse-interface","source":"disclosure@vulncheck.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/libusb/libusb/issues/1813","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Mitigation"]}]}},{"cve":{"id":"CVE-2026-2340","sourceIdentifier":"secalert@redhat.com","published":"2026-05-27T14:16:44.387","lastModified":"2026-05-28T15:33:05.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-280"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","matchCriteriaId":"ED3DD507-0A0D-4BB9-8789-FB6BBCDEB506"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-2340","source":"secalert@redhat.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447318","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugzilla.samba.org/show_bug.cgi?id=15997","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-36045","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T14:16:45.287","lastModified":"2026-05-28T14:16:18.683","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://gist.github.com/NucleiAv/41899be6266a9813840301577792ed68","source":"cve@mitre.org"},{"url":"https://github.com/sipeed/picoclaw/releases/tag/v0.1.2","source":"cve@mitre.org"},{"url":"https://gist.github.com/NucleiAv/41899be6266a9813840301577792ed68","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-36538","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T14:16:45.403","lastModified":"2026-05-28T14:16:18.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying operating system."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"http://netis-system.com","source":"cve@mitre.org"},{"url":"https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36538/readme.md","source":"cve@mitre.org"},{"url":"https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36538/readme.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-36539","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T14:16:45.527","lastModified":"2026-05-28T14:16:19.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi passwords, PPPoE credentials, DDNS credentials, and a full map of all connected devices."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36539/readme.md","source":"cve@mitre.org"},{"url":"https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36539/readme.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-36540","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T14:16:45.637","lastModified":"2026-05-28T14:16:19.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by wrapping them in backticks (`) and encoding them in base64. Because the endpoint requires no authentication, any device on the LAN can achieve full Remote Code Execution on the router's operating system with a single HTTP POST request."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"http://netis-system.com","source":"cve@mitre.org"},{"url":"https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36540/readme.md","source":"cve@mitre.org"},{"url":"https://github.com/sir3ns/cve-disclosure/blob/main/CVE-2026-36540/readme.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-38422","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T14:16:45.753","lastModified":"2026-05-28T14:16:19.563","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino, fetch_jpg() function."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/arendst/Tasmota","source":"cve@mitre.org"},{"url":"https://github.com/arendst/Tasmota/blob/development/tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino","source":"cve@mitre.org"},{"url":"https://github.com/sermikr0/CVE-2026-38422","source":"cve@mitre.org"},{"url":"https://github.com/sermikr0/CVE-2026-38422","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47104","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-27T14:17:32.590","lastModified":"2026-05-28T15:40:44.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libusb:libusb:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.30","matchCriteriaId":"ED05FDD2-4306-4649-AC78-E43E99ED647A"}]}]}],"references":[{"url":"https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/libusb/libusb/issues/1813","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation"]},{"url":"https://github.com/libusb/libusb/pull/1814","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libusb/libusb/releases/tag/v1.0.30","source":"disclosure@vulncheck.com","tags":["Product","Release Notes"]},{"url":"https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array","source":"disclosure@vulncheck.com","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-5515","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:34.137","lastModified":"2026-05-28T15:55:24.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-922"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.1.0","versionEndExcluding":"13.0.7.1","matchCriteriaId":"8EF783AA-BC2C-4E19-AB50-5974FD5FC9CB"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7272270","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6051","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:34.370","lastModified":"2026-05-28T15:55:06.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"11.5.0","versionEndIncluding":"11.5.9","matchCriteriaId":"210F96C9-B756-434F-8F82-CC7834829F43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"3E4312C4-5E1B-44C5-915B-A9E3483506BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*","matchCriteriaId":"B955E472-47E3-4C32-847B-F6BB05594BA3"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273558","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6052","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:34.513","lastModified":"2026-05-28T15:51:31.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"11.5.0","versionEndIncluding":"11.5.9","matchCriteriaId":"210F96C9-B756-434F-8F82-CC7834829F43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"3E4312C4-5E1B-44C5-915B-A9E3483506BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*","matchCriteriaId":"B955E472-47E3-4C32-847B-F6BB05594BA3"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273557","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6053","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:34.633","lastModified":"2026-05-28T15:46:36.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"11.5.0","versionEndIncluding":"11.5.9","matchCriteriaId":"210F96C9-B756-434F-8F82-CC7834829F43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"3E4312C4-5E1B-44C5-915B-A9E3483506BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*","matchCriteriaId":"B955E472-47E3-4C32-847B-F6BB05594BA3"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273556","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6936","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:34.923","lastModified":"2026-05-28T15:46:09.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:i:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3","versionEndIncluding":"7.6","matchCriteriaId":"46DEA5F3-B160-471F-8C4C-0E8338EDEDA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*","matchCriteriaId":"C684FC45-C9BA-4EF0-BD06-BB289450DD21"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7272908","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6938","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T14:17:35.050","lastModified":"2026-05-28T15:41:42.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"3E4312C4-5E1B-44C5-915B-A9E3483506BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273559","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1248","sourceIdentifier":"psirt@us.ibm.com","published":"2026-05-27T15:16:24.920","lastModified":"2026-05-28T17:19:25.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:-:*:*:containers:*:*:*","matchCriteriaId":"EF29B7C7-5024-4A85-ADE5-D94E9002181D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:-:*:*:traditional:*:*:*","matchCriteriaId":"475B8FBB-09BA-4509-B007-2AA407DCA3B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if001:*:*:containers:*:*:*","matchCriteriaId":"8464D4F4-1F9A-479B-B689-C6E90BC3AF45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if001:*:*:traditional:*:*:*","matchCriteriaId":"6EDAD1E1-BDB8-4B23-AA83-7678355AB5CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if002:*:*:containers:*:*:*","matchCriteriaId":"0FE0DB1D-5728-4075-BE84-48F06E22FDF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if002:*:*:traditional:*:*:*","matchCriteriaId":"5EF56DFD-48DB-4DA1-9056-A980DC7CA697"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if003:*:*:containers:*:*:*","matchCriteriaId":"A4AB37B4-DF91-4DC7-AFB9-107E5B1B2BF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if003:*:*:traditional:*:*:*","matchCriteriaId":"C1711BF6-5F1A-4238-A4D0-C80602B11C49"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if004:*:*:containers:*:*:*","matchCriteriaId":"79318EB6-001D-4D75-952C-87297C90A0C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if004:*:*:traditional:*:*:*","matchCriteriaId":"11C6C4D0-E200-43E3-A779-ED7BBB057032"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if005:*:*:containers:*:*:*","matchCriteriaId":"38F4B5AC-AC9D-48E7-9EC8-48C086CC62A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if005:*:*:traditional:*:*:*","matchCriteriaId":"33079C3C-3415-4305-A015-37C46BBB46E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:containers:*:*:*","matchCriteriaId":"73BAD8DC-3081-4D07-8E65-7501351DE025"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:traditional:*:*:*","matchCriteriaId":"784B6E6A-2F7F-488F-A190-FC6CAE7920F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if007:*:*:containers:*:*:*","matchCriteriaId":"87CBC521-DDDD-4D6B-B82F-3D7260CB7C67"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if007:*:*:traditional:*:*:*","matchCriteriaId":"DC646C5B-D3F9-4B8E-94F2-44F42A17B0B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*","matchCriteriaId":"7675FC59-E23F-4816-B1EF-DB8E1CEA30DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:traditional:*:*:*","matchCriteriaId":"68F2FFA3-761D-4E58-B1E9-CAC651BF620B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:-:*:*:containers:*:*:*","matchCriteriaId":"D5D9EC44-05CE-44FA-AFDE-A4FA326A54F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:-:*:*:traditional:*:*:*","matchCriteriaId":"DCBC0FB0-E803-4CC3-9CDD-9DA0D91EE08F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if001:*:*:containers:*:*:*","matchCriteriaId":"AD2EC4AD-EF47-450F-AA73-8BEE3DADEA1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if001:*:*:traditional:*:*:*","matchCriteriaId":"E3E71BEB-B904-48F3-8665-466ACC9AC1B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if002:*:*:containers:*:*:*","matchCriteriaId":"0CFCCD13-9342-4D3D-BE9C-ABCA4EA27229"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if002:*:*:traditional:*:*:*","matchCriteriaId":"C345B5B1-B7B2-401D-A554-B7E3F6FF29B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if003:*:*:containers:*:*:*","matchCriteriaId":"8F82A13E-F355-4B56-A9ED-9B8D728D95D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if003:*:*:traditional:*:*:*","matchCriteriaId":"0BAEF1EF-59E7-4502-B890-5F89EEE81DCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:containers:*:*:*","matchCriteriaId":"5797C332-AE9A-40BF-BAA4-7ECDDEAA907C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:traditional:*:*:*","matchCriteriaId":"AAEC8FDE-1BAE-477C-BF27-F136B877DAAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if005:*:*:containers:*:*:*","matchCriteriaId":"D0F5EB0D-CAF6-45BC-967B-472F1C2833D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if005:*:*:traditional:*:*:*","matchCriteriaId":"E2D1C66F-BAA2-414C-A1F0-651526353081"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*","matchCriteriaId":"63C11C87-A5EF-406D-86A5-13B7CB4BBB82"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:traditional:*:*:*","matchCriteriaId":"5BEFDA15-7D42-48CF-B89C-E72811A796B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:-:*:*:containers:*:*:*","matchCriteriaId":"3058E645-44E1-4FF0-9A97-E04324BB8968"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:-:*:*:traditional:*:*:*","matchCriteriaId":"EA15073D-EA2F-479E-B7DC-F6280806410E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:containers:*:*:*","matchCriteriaId":"0E06ACEC-AC03-41AA-91C7-BA84457847A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:traditional:*:*:*","matchCriteriaId":"D3A28BF1-C38A-4600-BFB5-C4EFD40BEA0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if002:*:*:containers:*:*:*","matchCriteriaId":"6AD427CB-B553-4ACB-B2A3-1648848D6D09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if002:*:*:traditional:*:*:*","matchCriteriaId":"03533F96-66A4-430D-B7A2-C77CE6A65B32"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*","matchCriteriaId":"4528EEFE-9EA6-4103-AC2B-581816A4776C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:traditional:*:*:*","matchCriteriaId":"DFE51BD6-9AF7-43BE-9EE3-1A16420CBC97"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.1:-:*:*:containers:*:*:*","matchCriteriaId":"A979D2C3-E177-45A5-A17E-56A595A26A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.1:-:*:*:traditional:*:*:*","matchCriteriaId":"E9C4DCE5-CE75-44EC-8FC7-AB4B18EDDF6A"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271445","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-37712","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T15:16:26.887","lastModified":"2026-05-28T17:16:20.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in function job type"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://bryamzxz.github.io/2026/05/25/dol_eval-five-years/","source":"cve@mitre.org"},{"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-c2jp-w9cj-6cx4","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-37713","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T15:16:27.007","lastModified":"2026-05-28T17:16:20.993","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://bryamzxz.github.io/2026/05/25/dol_eval-five-years/","source":"cve@mitre.org"},{"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-cq92-jp5j-rwvj","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-48544","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-27T15:16:30.880","lastModified":"2026-05-28T17:16:33.287","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using str.startswith() without a trailing path separator. Attackers can send crafted GET requests with path traversal segments targeting a prefix-matching sibling directory on disk, bypassing the directory containment check because Flask's path converter and Werkzeug's WSGI layer preserve the traversal segments while the resolved path still satisfies the flawed startswith comparison, enabling unauthorized file access outside the intended library directory."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/Avaiga/taipy/commit/129fd407ffca49ee4ab853772c88d0c873e038dd","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Avaiga/taipy/issues/2868","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Avaiga/taipy/pull/2871","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/taipy-path-traversal-via-elementlibrary-get-resource","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Avaiga/taipy/issues/2868","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48918","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:31.450","lastModified":"2026-05-28T17:17:38.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:active_directory:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"2.41","matchCriteriaId":"0E4FE001-4279-427E-8483-BAB36DF8B749"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3659","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48919","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:31.547","lastModified":"2026-05-28T17:14:34.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:active_directory:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"2.41","matchCriteriaId":"0E4FE001-4279-427E-8483-BAB36DF8B749"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3659","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48920","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:31.647","lastModified":"2026-05-28T17:14:10.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify `file:` URLs for images to read arbitrary files from the Jenkins controller filesystem."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1925.v1598902b_58dd","matchCriteriaId":"2FFC7C68-7A2D-4A99-A64D-B80A47A94C2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:email_extension:1933.v45cec755423f:*:*:*:*:jenkins:*:*","matchCriteriaId":"9DC7E152-07EF-4B0B-8615-C57A72300604"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3705","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48921","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:31.747","lastModified":"2026-05-28T17:06:05.897","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:pipeline\\:_groovy_libraries:*:*:*:*:*:*:*:*","versionEndExcluding":"798.v5cc688825312","matchCriteriaId":"CC131ECE-1E37-413D-A25A-5757C22BC2DB"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3727","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48922","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:31.847","lastModified":"2026-05-28T17:01:49.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:credentials_binding:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"725.ve52b_2328a_fde","matchCriteriaId":"38AC44D8-E5B5-45C1-9028-936CF7EAB91E"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3790","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48923","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:31.950","lastModified":"2026-05-28T17:01:11.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:appspider:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"1.0.18","matchCriteriaId":"01A1AF01-FCE8-4095-AA28-68D517A23FCE"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3671","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48924","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:32.067","lastModified":"2026-05-28T16:59:48.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:bitbucket_oauth:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"0.17","matchCriteriaId":"21F85FB9-7950-4A58-9144-B0B12DCF8BAA"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3761","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48925","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:32.190","lastModified":"2026-05-28T16:57:40.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kostyasha:github_integration:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"0.7.4","matchCriteriaId":"B1C29933-BC04-4FCF-B772-1A0FBAE7D5EC"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3776","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48927","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:32.410","lastModified":"2026-05-28T16:52:13.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:buildgraph-view:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.8","matchCriteriaId":"21789F52-410B-4B4F-B24E-EDD206495F75"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3486","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9674","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-05-27T15:16:36.080","lastModified":"2026-05-28T16:51:11.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:multijob:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"669.v9d96a_d9c71b_0","matchCriteriaId":"6961F6C3-CC96-4DD0-A102-D443352340DD"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3781","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-68712","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T17:16:29.063","lastModified":"2026-05-28T17:16:19.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce authentication. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can exit the lock interface without re-authentication and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/actuator/com.sp.protector.free","source":"cve@mitre.org"},{"url":"https://github.com/actuator/com.sp.protector.free/blob/main/CVE-2025-68712","source":"cve@mitre.org"},{"url":"https://play.google.com/store/apps/details?id=com.sp.protector.free","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-38930","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T17:16:33.370","lastModified":"2026-05-28T17:16:21.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://openrapid.com","source":"cve@mitre.org"},{"url":"http://rapidcms.com","source":"cve@mitre.org"},{"url":"https://moworn.github.io/post/cve-2026-38930/","source":"cve@mitre.org"},{"url":"https://moworn.github.io/post/cve-2026-38930/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42082","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:35.180","lastModified":"2026-05-28T19:22:15.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-358"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42083","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:35.327","lastModified":"2026-05-28T18:40:59.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer(), the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In contrast, other PCF service groups such as Npcf_PolicyAuthorization do attach RouterAuthorizationCheck before route registration. Because the middleware is missing, requests to the  /npcf-smpolicycontrol/v1/sm-policies, /npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}, /npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}/update, and /npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}/delete endpoints can reach business logic even when no valid OAuth token is provided. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/844","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-6rgm-gr97-x3j5","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/free5gc/pcf/commit/8c4d457cdf58bb239ee30e88c56b370b22073964","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/pcf/pull/63","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/844","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-6rgm-gr97-x3j5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42459","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:35.593","lastModified":"2026-05-28T18:35:51.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-585v-hcgf-jhfr","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-585v-hcgf-jhfr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44315","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:36.430","lastModified":"2026-05-28T18:34:15.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token). The route group is also reachable even when the running config's ServiceList does not declare it, so operators who think they disabled the service via config are still exposed. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/858","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-5f62-53r8-qrqf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nef/pull/23","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-5f62-53r8-qrqf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44316","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:36.570","lastModified":"2026-05-28T18:31:42.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The handler logs the OpenAPI error and continues executing instead of returning, then dereferences the nil response struct on a subsequent line and panics. Gin recovery converts the panic into HTTP 500, so a single attacker-shaped POST returns 500 instead of a clean 4xx whenever the downstream lookup fails. The PCF process keeps running. The trigger is a single POST containing input that causes the downstream UDR lookup to fail (e.g. an unknown DNN). In 4.2.1 this endpoint is also reachable WITHOUT an Authorization header because the PCF Npcf_SMPolicyControl route group is mounted without inbound auth middleware. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"},{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/803","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wr8j-6chw-gm6p","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/pcf/pull/62","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/803","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-44317","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:36.723","lastModified":"2026-05-28T18:30:58.097","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == \"1\" (enabling traffic-routing feature negotiation) and whose medComponents entries supply an afAppId but NO AfRoutReq. The create path then calls provisioningOfTrafficRoutingInfo(smPolicy, appID, routeReq, ...) with routeReq == nil and dereferences routeReq.RouteToLocs (and other fields) without a nil check, causing runtime error: invalid memory address or nil pointer dereference. Gin recovery converts the panic into HTTP 500. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"},{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/879","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wwqh-7jm5-gj7w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/pcf/commit/508d70b8527a6c8c923179dad450ea01e16b6aeb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/pcf/pull/65","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wwqh-7jm5-gj7w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44318","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:36.887","lastModified":"2026-05-28T18:24:58.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), but if the subscription does not exist, ReplaceIndividualSubcription() writes back to the same map directly without taking the mutex (bsfContext.BsfSelf.Subscriptions[subId] = subscription). Under concurrent authenticated PUT load, one goroutine can read while another writes the map, which causes the Go runtime to abort the process with fatal error: concurrent map read and map write (Go runtime panics that come from concurrent map access bypass recover() and terminate the process). The BSF container exits with code 2 -- the entire BSF SBI surface goes down until restart. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-820"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/bsf/commit/277908565fd628d974a13ef562b81a8b7b519ffa","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/bsf/pull/7","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/926","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-27ph-8q4f-h7m7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/free5gc/issues/926","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-27ph-8q4f-h7m7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44319","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.033","lastModified":"2026-05-28T17:50:05.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and on any delivery error invokes logger.PFDManageLog.Fatal(err), which is os.Exit(1)-equivalent in Go. An attacker who can create a PFD subscription with an attacker-chosen notifyUri and then trigger a PFD change can deterministically kill NEF on the asynchronous delivery attempt -- the process exits with status 1, dropping NEF's entire SBI surface until restart. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-617"},{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/924","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-rxrq-fv76-26pr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nef/commit/f110517b1189801950b50668a593398687049074","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/nef/pull/25","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/924","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-rxrq-fv76-26pr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44320","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.177","lastModified":"2026-05-28T18:23:47.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) is enough to reach the SMF-callback handler -- the callback body is parsed and dispatched into NEF business logic instead of being rejected at the auth boundary. Same root cause as the other NEF SBI findings: the route group is mounted without any inbound auth middleware. NEF does not authenticate the producer NF identity before processing callback content; if an attacker can guess or obtain a valid NotifId, this missing auth boundary lets forged callbacks act on real subscription state. The route group is also reachable even when the runtime ServiceList does not declare it (it lists only nnef-pfdmanagement and nnef-oam). This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/860","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wqfh-gq79-j8mf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nef/pull/24","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wqfh-gq79-j8mf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44321","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.330","lastModified":"2026-05-28T18:01:21.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration(), which calls logger.InitLog.Fatalf(...) on several validation failures. One confirmed path is the UE-IP-pool overlap check: a single unauthenticated POST that adds a new UPF whose pool overlaps an existing UPF terminates the entire SMF process (docker ps shows Exited (1)), not just the goroutine. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-617"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/906","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-44qj-cghf-9p97","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/smf/commit/e0974e07ddab44a67d36a563cca383b2449e33e5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/smf/pull/203","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-44qj-cghf-9p97","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44322","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.480","lastModified":"2026-05-28T17:37:55.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil together with a nil *ProblemDetails. The handler's errPfdData != nil branch builds its own problemDetailsErr correctly, but immediately after it reads problemDetails.Cause (the OTHER value, which is nil in this branch) and panics. Gin recovery converts the panic into HTTP 500, so a single PATCH against this endpoint returns 500 instead of the intended controlled error response whenever UDR access is failing. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"},{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/925","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-j59f-x285-69jx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nef/commit/72a47f3fab4dffbd227f8d92c5f69dca93b610cb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/nef/pull/22","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-j59f-x285-69jx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44323","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.627","lastModified":"2026-05-28T17:02:32.040","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks _, ok = UESubsData.EeSubscriptionCollection[subsId] and sets a 404 problem-details on the miss path, but then continues to UESubsData.EeSubscriptionCollection[subsId].AmfSubscriptionInfos -- dereferencing the same missing entry instead of returning. Gin recovery converts the panic into HTTP 500, but the endpoint remains repeatedly panicable. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/919","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-4rqf-grm6-vf75","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/udr/commit/8a1d3c63be99d378806d771f086ff32f1867da99","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/udr/pull/60","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2026-44324","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.767","lastModified":"2026-05-28T16:52:20.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does not exist in UESubsCollection. The processor checks value, ok := udrSelf.UESubsCollection.Load(ueId) and sets a 404 USER_NOT_FOUND problem-details on the miss path, but execution continues and immediately runs value.(*udr_context.UESubsData) -- a Go type assertion on a nil interface, which panics with interface conversion: interface {} is nil, not *context.UESubsData. Gin recovery converts the panic into HTTP 500, but the endpoint remains repeatedly panicable. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-704"},{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/920","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-jqfc-gwj5-3w63","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/udr/commit/8a1d3c63be99d378806d771f086ff32f1867da99","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/udr/pull/60","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/920","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-jqfc-gwj5-3w63","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44325","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:37.910","lastModified":"2026-05-28T16:51:24.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every other field as if it were a single models.PlmnId. The parsed *models.PlmnId is then assigned with reflect.Value.Set() to whichever field name the attacker put in the form body, which panics whenever the destination field's real type is incompatible (slice, different struct, primitive). Gin recovery converts each panic into HTTP 500, but the endpoint remains remotely panicable from a single unauthenticated form-encoded request and is repeatedly triggerable. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-755"},{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/918","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-f8qv-7x5w-qr48","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nrf/commit/f7bc77daa7425506af7569f2e61c2a210f5a0423","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/nrf/pull/83","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-f8qv-7x5w-qr48","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44326","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:38.053","lastModified":"2026-05-28T16:25:38.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no Authorization header at all, or with a forged bearer token (e.g. Authorization: Bearer not-a-real-token). This includes creating AnyUeInd=true subscriptions intended to affect group / any-UE traffic steering. The route group is also reachable even when the running config's ServiceList does not declare it, so operators who think they disabled the service via config are still exposed. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/859","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-3p28-73q7-45xp","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nef/pull/23","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-3p28-73q7-45xp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44327","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:38.203","lastModified":"2026-05-28T16:24:54.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handler returns 200 OK. The current OAM handler is a stub that returns null, but the structural defect is route-group-scoped: the entire OAM route group has no inbound auth middleware, so every future OAM operation added to this group inherits the missing auth boundary by default. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/861","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-cmpj-2x3g-m7g3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/nef/pull/23","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-cmpj-2x3g-m7g3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44328","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:38.347","lastModified":"2026-05-28T16:24:05.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF after the type-guarded async release, even though AN-typed nodes are constructed without a UPF object. As a result, a single unauthenticated DELETE /upi/v1/upNodesLinks/gNB1 request crashes the handler with a nil-pointer panic AND mutates the in-memory user-plane topology before panicking (the UpNodeDelete(upNodeRef) line runs first). This is an unauthenticated, state-mutating panic-DoS sink that an off-path network attacker can trigger by name against any AN entry. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-476"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/905","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-p9mg-74mg-cwwr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/smf/commit/b57bc48081c3d3a2f333d02eb78e4fd31a120deb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/smf/pull/199","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/905","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-p9mg-74mg-cwwr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44329","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:38.490","lastModified":"2026-05-28T16:23:13.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab this was directly demonstrated for read (GET /upi/v1/upNodesLinks), write (POST /upi/v1/upNodesLinks with attacker-controlled UP-node and link payload), and delete (DELETE /upi/v1/upNodesLinks/{nodeID}) operations. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/887","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-3258-qmv8-frp3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/smf/commit/e23ce97565f285eb99eed153743c62bf4c767c6e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/free5gc/smf/pull/197","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/free5gc/free5gc/issues/887","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-3258-qmv8-frp3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44330","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:38.713","lastModified":"2026-05-28T13:06:07.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) to read PFD application data via GET /applications and GET /applications/{appID}, and to create or delete PFD change-notification subscriptions via POST /subscriptions and DELETE /subscriptions/{subID}. Same root cause as the other NEF SBI findings: the route group is mounted without any inbound auth middleware. Unlike the OAM and traffic-influence groups, nnef-pfdmanagement IS declared in the runtime ServiceList, so this is the production-intended path that operators expect to be protected by OAuth2 setting receive from NRF: true -- and it is not. This vulnerability is fixed in 4.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.2","matchCriteriaId":"EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-rwww-x45w-p52w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-rwww-x45w-p52w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45335","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T17:16:40.373","lastModified":"2026-05-28T16:16:26.203","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.7.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x85f-76c9-qw3x","source":"security-advisories@github.com"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x85f-76c9-qw3x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-69600","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T18:16:21.780","lastModified":"2026-05-28T16:16:20.520","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49. This in an arbitrary code execution flaw caused by an incorrectly constructed find command. The application actively searches for a Java executable by using search criteria that is not properly terminated or sanitized. By constructing a crafted directory path that satisfies the malformed search criteria, an attacker can trick the application into executing arbitrary Java code. This differs from standard PATH manipulation because it stems from the application's internal search logic. Specifically, a local attacker can create a crafted directory structure and path that satisfies an improperly terminated find query used by the application to locate a Java runtime."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/Wise-Security/CVE-2025-69600","source":"cve@mitre.org"},{"url":"https://support.raynet.de/hc/en-us/articles/19518792826132-RVY200865-RayVentory-12-6","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-38807","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T18:16:22.227","lastModified":"2026-05-28T16:16:22.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/cagexunxi/CVE/issues/1","source":"cve@mitre.org"},{"url":"https://github.com/cagexunxi/CVE/issues/1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-38808","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T18:16:22.333","lastModified":"2026-05-28T16:16:22.197","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/cagexunxi/CVE/issues/3","source":"cve@mitre.org"},{"url":"https://github.com/cagexunxi/CVE/issues/3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44460","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:23.707","lastModified":"2026-05-28T16:16:24.433","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP configured, the endpoint decrypts and returns the user's existing TOTP secret inside the QR PNG instead of refusing or generating a new secret. An attacker who already possesses the victim's password can therefore retrieve the live TOTP secret, derive a valid one-time code, submit it to /api/totp_verify.php, and obtain a fully authenticated session without ever possessing the victim's authenticator device. This vulnerability is fixed in 3.12.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/error311/FileRise/security/advisories/GHSA-84hw-8g73-v3f8","source":"security-advisories@github.com"},{"url":"https://github.com/error311/FileRise/security/advisories/GHSA-84hw-8g73-v3f8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45061","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:24.293","lastModified":"2026-05-28T16:16:26.010","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(\".tar.gz\"). Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes this check. The URL then proceeds directly to fetchWithBlacklist() with no further validation of host, scheme, or path. Standalone, this vulnerability is blocked by Budibase's default SSRF blacklist, which covers private IP ranges. But the URL validation layer itself is broken regardless, and it directly enables SSRF in two realistic situations: (1) when chained with the BLACKLIST_IPS bypass ([001]), where the blacklist is empty; and (2) when the plugin server follows HTTP redirects from an external URL to an internal target (the default node-fetch behavior with redirect: 'follow'). This vulnerability is fixed in 3.35.10."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-xh5j-727m-w6gg","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-xh5j-727m-w6gg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45087","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:24.567","lastModified":"2026-05-28T14:16:21.997","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options — including FoundAction and FoundActionShell — is deserialized directly from attacker-supplied JSON in POST /scan, and because dalfox.Initialize explicitly propagates those two fields into the final scan options without stripping them, any unauthenticated caller who can reach the server port can supply an arbitrary shell command that the dalfox process will execute on the host whenever a scan finding is triggered. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-15"},{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/hahwul/dalfox/releases/tag/v2.13.0","source":"security-advisories@github.com"},{"url":"https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h","source":"security-advisories@github.com"},{"url":"https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45090","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:25.003","lastModified":"2026-05-28T16:16:26.107","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes (close(results) at line 438), but the second stage — which processes POST-body parameters (dp) — is then launched with the same already-closed channel as its output. When a scanned parameter is reflected, processParams executes results <- paramResult on the closed channel, triggering a Go runtime panic that crashes the entire dalfox process. In server mode, the crash is remotely triggerable by any unauthenticated caller who can reach the REST API, because the default configuration has no API key and the second stage activates whenever options.Data != \"\" (i.e., the attacker supplies the data field) and the target reflects at least one parameter. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://github.com/hahwul/dalfox/releases/tag/v2.13.0","source":"security-advisories@github.com"},{"url":"https://github.com/hahwul/dalfox/security/advisories/GHSA-2g4x-fq3j-cgq4","source":"security-advisories@github.com"},{"url":"https://github.com/hahwul/dalfox/security/advisories/GHSA-2g4x-fq3j-cgq4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45715","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:25.340","lastModified":"2026-05-28T14:16:22.477","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecting through an attacker-controlled server.  This vulnerability is fixed in 3.38.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/Budibase/budibase/releases/tag/3.38.1","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-fgqv-jh4g-pvg2","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-fgqv-jh4g-pvg2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45718","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:25.873","lastModified":"2026-05-28T16:16:26.407","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including rows explicitly excluded by the view's security filters. This vulnerability is fixed in 3.38.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/Budibase/budibase/releases/tag/3.38.1","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-3263-v5v9-xq8q","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-3263-v5v9-xq8q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46424","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:26.150","lastModified":"2026-05-28T16:16:27.593","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache (TTL: 3600 seconds), a user whose admin, builder, or app-level roles have been revoked via the public API retains those privileges for up to 1 hour. This vulnerability is fixed in 3.38.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/Budibase/budibase/releases/tag/3.38.2","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-6vp2-6r7m-2jvx","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-6vp2-6r7m-2jvx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46425","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:26.330","lastModified":"2026-05-28T20:16:25.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise feature flag and SCIM config) and doInScimContext (sets the SCIM request context). There is no role check. Any authenticated user who reaches the worker (BASIC role, workspace-scoped builder, anyone) can call SCIM endpoints and CRUD every user and group in the tenant. This vulnerability is fixed in 3.38.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Budibase/budibase/releases/tag/3.38.2","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-q9rw-q89f-jx2f","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-q9rw-q89f-jx2f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46427","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:26.600","lastModified":"2026-05-28T16:16:27.707","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as SENSITIVE_LONGFORM, which the filter skips. GET /api/datasources/:datasourceId lives on authorizedRoutes guarded by PermissionType.TABLE + PermissionLevel.READ. An authenticated BASIC user with any app role and call the endpoint and receive the full Snowflake PEM in plaintext. This vulnerability is fixed in 3.38.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-qv26-4hvj-m7fv","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-qv26-4hvj-m7fv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48146","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:26.933","lastModified":"2026-05-28T16:16:28.600","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist() exists in the same codebase and is used in every other outbound HTTP call (automation steps, plugin downloads, object store), but was not applied to the OAuth2 token endpoint. A user with BUILDER role can point the OAuth2 token URL to internal services (CouchDB, cloud metadata) to exfiltrate sensitive data. This vulnerability is fixed in 3.39.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-g6qx-g4pr-92v7","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-g6qx-g4pr-92v7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48149","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:27.333","lastModified":"2026-05-28T16:16:28.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/src/Markdown/MarkdownViewer.svelte:22). Any column a builder binds to a Text component in Markdown mode is a stored-XSS sink writable by every BASIC app user with WRITE on the underlying table. This vulnerability is fixed in 3.39.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-57p7-9h9w-xqpw","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-57p7-9h9w-xqpw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48151","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:27.593","lastModified":"2026-05-28T16:16:28.793","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the body schema for a known webhook and mutate the corresponding automation trigger output schema. This vulnerability is fixed in 3.39.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-qhv3-wjg8-6fx6","source":"security-advisories@github.com"},{"url":"https://github.com/Budibase/budibase/security/advisories/GHSA-qhv3-wjg8-6fx6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42878","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T19:16:17.763","lastModified":"2026-05-28T16:16:23.067","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo() on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP configuration, server environment variables (including any database credentials, API keys, or application secrets set as env vars), filesystem paths, and loaded extensions without being authenticated. This vulnerability is fixed in v2026."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-vrxf-vrc4-22p7","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-vrxf-vrc4-22p7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44635","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T19:16:20.947","lastModified":"2026-05-28T14:16:20.450","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input) or .at(input) — including type-safe code where the JSON column is shaped like Record<string, T> so K extends string is the inferred type — every dot becomes a path-leg separator, letting an attacker traverse from the intended key into sibling and child fields the developer never meant to expose. The result is read access (and, in update statements, write access) to JSON sub-fields outside the intended scope across MySQL, PostgreSQL ->$/->>$, and SQLite. This vulnerability is fixed in 0.28.17."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-915"},{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://github.com/kysely-org/kysely/security/advisories/GHSA-pv5w-4p9q-p3v2","source":"security-advisories@github.com"},{"url":"https://github.com/kysely-org/kysely/security/advisories/GHSA-pv5w-4p9q-p3v2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33552","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T20:16:35.947","lastModified":"2026-05-28T14:16:18.523","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://Northern.tech","source":"cve@mitre.org"},{"url":"https://mender.io/blog/cve-2026-49009-cve-2026-33552-input-sanitization-and-access-control-issues-in-mender-server","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-47161","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:39.420","lastModified":"2026-05-28T14:16:22.800","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined with missing network isolation in the code execution sandbox, this allows an authenticated student to achieve full Remote Code Execution (RCE) on the host system. Commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb fixes the issue."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/inducer/relate/commit/d66ba5659b459bf1ba56b7109b5f9ecf197cbefb","source":"security-advisories@github.com"},{"url":"https://github.com/inducer/relate/security/advisories/GHSA-4mwh-mwv4-m252","source":"security-advisories@github.com"},{"url":"https://github.com/inducer/relate/security/advisories/GHSA-4mwh-mwv4-m252","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47271","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:39.580","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled out when NDEBUG is defined at build time. NDEBUG is commonly defined in release and packaging builds (Debian, Fedora, Arch package flags all define it via -DNDEBUG in CFLAGS). With the guard removed, xmalloc/xrealloc/xstrdup silently return NULL on allocation failure. Every caller in the codebase dereferences the return value without a NULL check -- this is the intended design, as the guard was supposed to abort before the dereference. With the guard gone, any allocation failure causes a NULL pointer dereference, crashing the PAM module. A crash in a PAM module loaded by sudo or login causes authentication to fail for the duration of the crash, creating a local denial-of-service condition. An attacker who can induce memory pressure at authentication time can lock all users out of sudo and login. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/commit/d003e551b794a9e3774ff4720830fb7aadaa48bd","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-7rvx-jcc6-7hqq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47272","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:39.747","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified that the user-side pad (~/.pamusb/device.pad) could be read, but did not enforce that the system-side pad (the pad file on the USB device) was also present and readable. If the user-side pad was deleted or unreadable, the function returned a failure that was treated as non-fatal in certain code paths, allowing authentication to succeed without the USB device being verified. A local user can delete their own ~/.pamusb/device.pad to remove the USB device requirement and authenticate without the physical device. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-908"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-vx6f-rrqr-j87c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47273","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:39.880","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifiers were not validated for XPath metacharacters, allowing injection of arbitrary XPath predicates. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-91"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/commit/721fed08a3596cb5b4671ad702f8fdc12dcc7420","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/pull/311","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-vfj3-5h5v-6g93","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47274","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:40.013","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM authentication or tool execution could substitute malicious binaries. The affected tools are pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome). This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/commit/1ee8745920388df48d001a8e61ba629071557937","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/commit/52a1fd6413b7ffcc1a5b58ce432be42e7bf0dbd0","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/commit/993e73d8bebb1d8e62677388de3402b6ec36b600","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-pp29-w28g-r9h9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48064","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:40.230","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions), the PAM_RHOST check in pusb_do_auth() is also skipped. PAM_RHOST is set by remote daemons (sshd, XDMCP servers) to identify the remote client address. Because the check is gated inside if (opts.deny_remote), a genuine remote XDMCP connection reaches the USB device authentication step instead of being rejected. This vulnerability is fixed in 0.9.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/issues/348","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-w38v-cw9r-x9p6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48065","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:40.380","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets (armv7l, i686 -- both listed in the project Makefile), the multiplication n_devices * sizeof(t_pusb_device) wraps around size_t, causing xmalloc() to receive a very small size. Because xmalloc() only calls abort() on NULL return, a small-but-non-NULL allocation is accepted, and subsequent array writes overflow the heap. This vulnerability is fixed in 0.9.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/issues/352","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/issues/55","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-24mw-m2vf-36vp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48066","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:40.543","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data race when the PAM stack is invoked concurrently from multiple threads. This vulnerability is fixed in 0.9.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/issues/350","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/issues/55","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-qg76-57wq-mpv6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48792","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:41.077","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to return 0 (no virtual devices found) even when every open() call failed due to insufficient permissions. The caller in src/local.c cannot distinguish a clean absence of virtual devices from a permission-denied scan, and acts on the false negative by continuing authentication without denying. This vulnerability is fixed in 0.9.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-390"},{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/issues/351","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/issues/55","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-pvrg-chgw-x42c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49009","sourceIdentifier":"cve@mitre.org","published":"2026-05-27T20:16:41.930","lastModified":"2026-05-28T14:16:24.107","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://mender.io/blog/cve-2026-49009-cve-2026-33552-input-sanitization-and-access-control-issues-in-mender-server","source":"cve@mitre.org"},{"url":"https://northern.tech","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-44709","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:17.807","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked can point PINENTRY_FALLBACK_APP at an arbitrary binary or script and have it executed with the privileges of the pam_usb tool chain. This vulnerability is fixed in 0.8.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-jxrj-q67x-wr4c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44710","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:17.947","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks API documentation states these accessors can return NULL for devices that do not expose the corresponding field. Passing NULL to strcmp() is undefined behaviour (typically a SIGSEGV). This vulnerability is fixed in 0.8.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-j8cq-2gv6-gfwf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44711","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.073","lastModified":"2026-05-28T14:16:21.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"},{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-fjpm-p9pj-mp34","source":"security-advisories@github.com"},{"url":"https://github.com/uniget-org/cli/security/advisories/GHSA-qqq4-5773-pmw5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44712","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.213","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this) can inject the payload at --add-device time. Also, userName from the XML config is passed to os.system() in pamusb-agent, which invokes a shell. This vulnerability is fixed in 0.8.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-jgv5-w6rm-7wxg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44713","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.363","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen(). Because the value is placed inside double-quotes without sanitisation, any value containing \" terminates the quoted string and injects arbitrary shell syntax. popen() runs as root inside the PAM stack. This vulnerability is fixed in 0.8.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-822m-whrh-vrj8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47269","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.810","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0,  pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request originates from a remote session. The outer guard was if (utent->ut_addr_v6[0] != 0), which only tests the first 32-bit word of the 128-bit address field. IPv4-mapped IPv6 addresses (::ffff:x.x.x.x) store the IPv4 address in ut_addr_v6[3] with ut_addr_v6[0] == 0. On systems where the SSH daemon listens on :: (IPv6 wildcard) with AddressFamily any -- common on Ubuntu and Debian -- incoming IPv4 connections are recorded in utmpx as IPv4-mapped IPv6 addresses. The outer check evaluates to false, the remote-detection block is skipped entirely, and the session is treated as local. deny_remote=true does not block the authentication. An attacker with physical access to a registered USB device can authenticate over SSH on an affected system as if they were sitting at a local terminal, bypassing the deny_remote restriction. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/commit/804fe24eae3d742d8be05fd015e36abc3c7d94e5","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-jmmj-qhrq-w45g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47270","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.950","lastModified":"2026-05-28T13:57:25.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the deny_remote feature called the non-reentrant strtok(), which stores state in a single global pointer. If two authentications race, one thread's strtok() call can overwrite the other's in-progress tokenisation pointer, causing incorrect parsing of the tmux session data or the /proc environ scan that backs the remote-session detection logic. Additionally, pusb_tmux_get_client_tty() passed the raw pointer returned by getenv(TMUX) directly to strtok(). getenv() returns a pointer into the live process environment block; strtok() inserts NUL bytes into that block, permanently corrupting the TMUX variable for subsequent code running in the same process. In long-lived display managers this affects all future authentications in that process. The combined effect can cause deny_remote=true to return an incorrect decision for a remote session, or an incorrect decision for a local session, depending on thread interleaving. This vulnerability is fixed in 0.9.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/commit/94f1640a61d49dfaf38e782680a52f01d5bf8b51","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/commit/d003e551b794a9e3774ff4720830fb7aadaa48bd","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-j3xw-vc43-x7jg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45152","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T22:16:36.963","lastModified":"2026-05-28T14:16:22.270","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without validation or sanitization, an attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations such as describe, install, update, or inspect are performed. This vulnerability can lead to arbitrary code execution with the privileges of the user running uniget. This vulnerability is fixed in 0.27.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/uniget-org/cli/security/advisories/GHSA-qqq4-5773-pmw5","source":"security-advisories@github.com"},{"url":"https://github.com/uniget-org/cli/security/advisories/GHSA-qqq4-5773-pmw5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9208","sourceIdentifier":"3938794e-25f5-4123-a1ba-5cbd7f104512","published":"2026-05-27T22:16:37.097","lastModified":"2026-05-29T02:47:03.023","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Tanium addressed an unauthorized code execution vulnerability in Connect."}],"metrics":{"cvssMetricV31":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://security.tanium.com/TAN-2026-015","source":"3938794e-25f5-4123-a1ba-5cbd7f104512"}]}},{"cve":{"id":"CVE-2026-45322","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T23:16:47.313","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. The same shell-execution behavior is also reachable through ShellReceiver.execute_command(). The shell receiver is invoked by action classes such as RunShellCommand.execute() and ExecuteCommand.execute(), which forward stored action parameters to the shell receiver. Because UFO stores planned and executed actions in per-session JSON records, an attacker who can write or modify a session/action JSON file can plant a shell action. When the session is resumed or replayed, UFO executes the attacker's command as the UFO process user."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-wj72-7w8h-695f","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-wj72-7w8h-695f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46414","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T23:16:47.833","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type=\"constellation\" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-qgx6-cvhg-jw7p","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46416","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T23:16:47.973","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in mutable instance fields. Each new WebSocket connection overwrites those fields. Later, message handlers send responses through the shared fields instead of through protocol objects bound to the originating connection. As a result, the most recently connected authenticated client can receive protocol responses that belong to another authenticated client."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-488"}]}],"references":[{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-cwwh-p9rv-4pj4","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-cwwh-p9rv-4pj4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46538","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T23:16:48.107","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END message came from the device that originally received the task. When the constellation sends a task to a target device, it records a pending Future under a session key. The pending task record stores the expected device ID, but the completion path ignores that binding. If another authenticated peer device sends a forged TASK_END with the same session_id, the constellation accepts the response and completes the victim device's pending Future with attacker-controlled result data. This is an authenticated cross-device task-result injection issue."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-wmq2-74rj-7pjc","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-wmq2-74rj-7pjc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46544","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T23:16:48.247","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages and reuses an existing in-memory session object if that session_id already exists. If a prior session has completed and remains in memory with populated results, a different authenticated client can send a new TASK message using the same session_id. The server re-enters the existing session object and sends the stale stored result to the new requester through the normal send_task_end() callback path. This is an authenticated cross-client stale result replay issue. The issue requires that the attacker knows or can predict a live or recently completed session_id."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-29gc-vqjp-7fqf","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/UFO/security/advisories/GHSA-29gc-vqjp-7fqf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-4888","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T00:16:43.797","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 3.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send test emails to arbitrary addresses from the server."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/class-evf-ajax.php#L1174","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bced7df-3e1a-4d7b-9ad0-64be5e18900f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8915","sourceIdentifier":"PSIRT@samsung.com","published":"2026-05-28T00:16:43.950","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.\n\nThis issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@samsung.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@samsung.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/Samsung/escargot/pull/1579","source":"PSIRT@samsung.com"}]}},{"cve":{"id":"CVE-2026-9789","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-28T03:16:44.200","lastModified":"2026-05-28T17:58:14.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19670","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-2374","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T05:16:34.290","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$_SERVER['PHP_SELF']` superglobal in all versions up to, and including, 1.8.0. This is due to the `authenticate()` function storing the unsanitized output of `basename($_SERVER['PHP_SELF'])` in the `login_nocaptcha_error` WordPress option when a login attempt is made from a non-standard login page (e.g., xmlrpc.php). The `admin_notices()` function then echoes this stored value directly into the admin dashboard HTML without escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator with a whitelisted IP address visits the WordPress dashboard within 30 seconds of the attack."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/login-recaptcha/tags/1.7.3/login-nocaptcha.php#L281","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/login-recaptcha/tags/1.7.3/login-nocaptcha.php#L377","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/login-recaptcha/trunk/login-nocaptcha.php#L281","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/login-recaptcha/trunk/login-nocaptcha.php#L377","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3549342%40login-recaptcha&new=3549342%40login-recaptcha&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://wordpress.org/plugins/login-recaptcha/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/99dfce3b-2b47-41bf-8b20-b53fb9f061a7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5737","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T05:16:38.100","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer_url values when the signature matches, combined with a scheduled favicon fetcher that performs unrestricted cURL requests to stored domains. The signature validation is insufficient because the signature is embedded in publicly-accessible JavaScript and the salt is static per site, allowing attackers to extract valid signatures. The favicon downloader uses raw cURL functions without any SSRF protection mechanisms (no localhost blocking, no private network filtering, and does not use WordPress's wp_safe_remote_* functions). This makes it possible for unauthenticated attackers to inject malicious referrer domains into the database and trigger server-side requests to arbitrary hosts including internal services."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/tags/2.14.4/IAWP/Favicon/FaviconDownloader.php#L57","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/tags/2.14.4/IAWP/FetchFaviconsJob.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/tags/2.14.4/IAWP/REST_API.php#L409","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/tags/2.14.4/IAWP/Views/View.php#L252","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/IAWP/Favicon/FaviconDownloader.php#L57","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/IAWP/FetchFaviconsJob.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/IAWP/REST_API.php#L409","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/IAWP/Views/View.php#L252","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3537814%40independent-analytics&new=3537814%40independent-analytics&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/06ecc40c-6a63-4354-9f49-1925896622f5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7802","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T05:16:38.493","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite an administrator's user_pass, user_email, first_name, last_name, and other profile fields by supplying an arbitrary ?user_id= value, enabling full administrator account takeover via direct password replacement or email-redirect password reset. Exploitation requires the targeted Edit-User form to have its 'Roles' configuration setting left empty; when a non-empty roles list is configured, load_data() sets the user ID to 'none' for users whose roles fall outside the allowed list, preventing administrators from being targeted through that form."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.36/main/frontend/forms/actions/user.php#L565","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.36/main/frontend/forms/actions/user.php#L636","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.36/main/frontend/forms/classes/submit.php#L110","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.36/main/frontend/forms/classes/submit.php#L392","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.29.1/main/frontend/forms/actions/user.php#L565","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.29.1/main/frontend/forms/actions/user.php#L636","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.29.1/main/frontend/forms/classes/submit.php#L110","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.29.1/main/frontend/forms/classes/submit.php#L392","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/actions/user.php#L565","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/actions/user.php#L636","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/submit.php#L110","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/submit.php#L392","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3525193%40acf-frontend-form-element&new=3525193%40acf-frontend-form-element&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd091bd5-6b6a-4964-9249-525bbbec702c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9228","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T05:16:39.447","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action_get_event_data due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to enumerate timeslot IDs and read the full WP_Post object — including post_content, post_excerpt, post_status, and post_author — of draft, pending, and private mp-event posts belonging to other users, along with their associated raw timeslot descriptions."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mp-timetable/tags/2.4.16/classes/class-core.php#L311","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mp-timetable/tags/2.4.16/classes/class-hooks.php#L152","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mp-timetable/tags/2.4.16/classes/controllers/class-controller-events.php#L62","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mp-timetable/tags/2.4.16/classes/models/class-events.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3548166%40mp-timetable&new=3548166%40mp-timetable&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9adf94ac-30ef-4c24-afa6-04248c25bd7f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9241","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T05:16:39.600","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the `get_value()` function in `classes/fixed/fixed_user_role.php` trusting the attacker-controlled `$_REQUEST['wooc_order_user_roles']` parameter to determine the user's role context for role-based price resolution without any validation, allowing it to override the legitimate role data derived from the authenticated user's session object via `$user->roles`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate higher-privileged roles — such as wholesale customer or administrator — and obtain discounted or otherwise restricted pricing that should not be available to their actual role. This vulnerability only has practical impact when the fixed user-role pricing feature is enabled and at least one product has a privileged-role price configured."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/fixed/fixed_user_role.php#L228","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/fixed/fixed_user_role.php#L229","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/woocs.php#L2271","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3543524%40woocommerce-currency-switcher&new=3543524%40woocommerce-currency-switcher&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8c1fec-0e87-46f7-83c5-8f9e9aa97b4f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9791","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:39.977","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9791","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482458","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9792","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:40.537","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-280"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9792","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482459","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9793","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:40.697","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leading to a compromise of data integrity within the OpenID Connect (OIDC) authorization flow. While a redirect URI allowlist acts as a compensating control, this vulnerability violates OIDC Core and Financial-grade API (FAPI) signing requirements."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9793","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482460","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9794","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:40.847","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9794","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482461","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9795","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:41.003","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.8}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9795","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482462","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9796","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:41.153","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to `realm-admin` for all users within the realm, granting them extensive control over the system. The composite role relationship persists even after the attacker's own permissions are revoked and across system reboots."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9796","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482464","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-3173","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T06:16:26.917","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user has permission to access the requested object's metadata. This makes it possible for authenticated attackers, with Contributor-level access and above, to read arbitrary user meta, post meta, and term meta data from any object in the database. On sites using plugins that store sensitive data in meta fields (e.g., WooCommerce billing/shipping information), this could lead to the exposure of Personally Identifiable Information (PII) including names, email addresses, phone numbers, and physical addresses."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L206","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/display-a-meta-field-as-block/trunk/meta-field-block.php#L328","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3472303/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/247df9e2-0a63-49ad-86fa-cb4c6e62c4cf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7533","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T06:16:28.730","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth_redirect()` function, which is registered on the `admin_init` hook and processes Square OAuth tokens from a user-supplied GET parameter without any CSRF token validation. This makes it possible for unauthenticated attackers to overwrite the store's Square payment gateway credentials by tricking a logged-in administrator into clicking a crafted link, potentially resulting in payment account hijacking."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.6.5/src/Gateways/Square/Connection.php#L47","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.6.5/src/Gateways/Square/Connection.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-digital-downloads/tags/3.6.5/src/Gateways/Square/Gateway.php#L114","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/src/Gateways/Square/Connection.php#L47","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/src/Gateways/Square/Connection.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/src/Gateways/Square/Gateway.php#L114","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3536197%40easy-digital-downloads&old=3511193%40easy-digital-downloads&sfp_email=&sfph_mail=#file6607","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e375f761-459c-4cad-823b-2a94ac901410?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9009","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T06:16:28.873","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' shortcode attribute directly into call_user_func() with no sanitization or allowlist validation, relying solely on an is_callable() check that permits dangerous PHP built-ins such as system, shell_exec, exec, passthru, and assert. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. An identical sink exists for the 'callback' attribute, providing a second independent vector through the same shortcode."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/crawlomatic-multipage-scraper-post-generator/trunk/class.crawlomatic.shortcode.php#L273","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ff39b8f-ef87-4b1c-888e-00c9599c7b07?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9644","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T06:16:29.010","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3539257%40new-dev-livesmart-video-chat&new=3539257%40new-dev-livesmart-video-chat","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3798336-e63b-4ede-9e4d-09a28249ea46?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9673","sourceIdentifier":"report@snyk.io","published":"2026-05-28T06:16:29.147","lastModified":"2026-05-29T02:47:03.023","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications."}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":4.2}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613","source":"report@snyk.io"},{"url":"https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410","source":"report@snyk.io"},{"url":"https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326","source":"report@snyk.io"}]}},{"cve":{"id":"CVE-2026-9798","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.330","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this brute-force protection. This allows continued authentication attempts and token issuance even when the account should be locked, potentially enabling further unauthorized access attempts."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-305"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9798","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482470","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9801","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.493","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9801","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482473","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9802","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.620","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been revoked. Successful exploitation grants the attacker unauthorized access to the victim's account, potentially leading to information disclosure or privilege escalation."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9802","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482467","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-9803","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.750","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9803","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482465","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-44604","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T08:16:35.280","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-44604","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460967","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-6427","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:36.317","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the _filter_videos() method that breaks HTML attribute quoting when processing crafted <video> elements, combined with unescaped output in the admin/views/form-data.php template. An authenticated attacker with Contributor-level access can insert a crafted <video> tag whose src attribute contains an embedded class=\" substring that tricks the plugin's class-replacement regex into consuming an attribute-value closing quote. This shifts the HTML5 parser's quote boundary, promoting attacker-controlled text from inside a quoted attribute value into standalone event-handler attributes (autofocus, onfocus). The injected script executes in the browser of any user (including administrators) who views the post."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/a3-lazy-load/trunk/admin/views/form-data.php#L11","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/a3-lazy-load/trunk/classes/class-a3-lazy-load.php#L124","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/a3-lazy-load/trunk/classes/class-a3-lazy-load.php#L136","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/a3-lazy-load/trunk/classes/class-a3-lazy-load.php#L623","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/a3-lazy-load/trunk/classes/class-a3-lazy-load.php#L643","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/a3-lazy-load/trunk/classes/class-a3-lazy-load.php#L666","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fa3-lazy-load/tags/2.7.6&new_path=%2Fa3-lazy-load/tags/2.7.7","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5246efbb-93cc-4951-900e-d13d08840f03?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6455","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:36.477","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the process_bulk_action() function, the nonce check is only executed when _wpnonce is present in the POST body, allowing it to be trivially bypassed by omitting the field, combined with the use of an unsanitized, unparameterized user-supplied value in a numeric SQL context (WHERE ID = $ID) and the unsafe deserialization of the query result's post_content field. An attacker can craft a CSRF page that tricks a logged-in administrator into triggering a UNION-based SQL injection payload (using CHAR() to avoid esc_sql quote-escaping) that returns a malicious serialized PHP array as post_content; upon deserialization, array values associated with keys containing 'ys_cfdbh_file' are used as file paths appended to the uploads directory path without any path traversal validation, and then passed to wp_delete_file(), allowing the attacker to delete arbitrary files on the server (e.g., wp-config.php, system files)."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/tags/3.0/include/form-inner-page-class.php#L589","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/tags/3.0/include/form-inner-page-class.php#L605","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/tags/3.0/include/form-inner-page-class.php#L607","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/tags/3.0/include/form-inner-page-class.php#L615","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/trunk/include/form-inner-page-class.php#L589","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/trunk/include/form-inner-page-class.php#L605","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/trunk/include/form-inner-page-class.php#L607","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-contact-form-7-db-handler/trunk/include/form-inner-page-class.php#L615","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3520240%40wp-contact-form-7-db-handler&new=3520240%40wp-contact-form-7-db-handler&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/96cdba03-7385-4374-915d-061be0276a95?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7052","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:36.603","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the 'Store Submissions' setting to be enabled, as this controls whether unsanitized field values are persisted to the database and subsequently rendered via dangerouslySetInnerHTML in the admin entry viewer."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/tags/2.8.2/admin/Includes/Api/Endpoints/Submission.php#L108","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/tags/2.8.2/admin/Includes/Api/Endpoints/Submission.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/tags/2.8.2/admin/Includes/Api/Endpoints/Submission.php#L403","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/tags/2.8.2/admin/Includes/Models/Entries.php#L298","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/tags/2.8.2/admin/dist/bundle.js#L2","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Api/Endpoints/Submission.php#L108","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Api/Endpoints/Submission.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Api/Endpoints/Submission.php#L403","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Models/Entries.php#L298","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/dist/bundle.js#L2","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3521197%40ht-contactform%2Ftrunk&old=3499444%40ht-contactform%2Ftrunk","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/edb0ee0c-1eab-4988-9eb6-cc0c253fee15?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7552","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:36.730","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to expose sensitive plugin configuration data, including Google Maps API keys and GeoNames service credentials, to unauthenticated attackers."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.18/geo-mashup.php#L1525","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.18/geo-mashup.php#L515","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.18/geo-mashup.php#L528","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.19/geo-mashup.php#L1525","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.19/geo-mashup.php#L515","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/tags/1.13.19/geo-mashup.php#L528","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup.php#L1525","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup.php#L515","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup.php#L528","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3503627/geo-mashup","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/605dc24c-5b6e-479b-98dd-ad80c547824c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7621","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:36.863","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate all SMTP2GO log records from the database or download a CSV export of all SMTP log data including recipient addresses, sender addresses, message subjects, and API response data."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/tags/1.14.0/app/WordpressPlugin.php#L135","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/tags/1.14.0/app/WordpressPluginAdmin.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/tags/1.14.0/app/WordpressPluginAdmin.php#L85","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/tags/1.14.1/app/WordpressPlugin.php#L135","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/tags/1.14.1/app/WordpressPluginAdmin.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/tags/1.14.1/app/WordpressPluginAdmin.php#L85","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/trunk/app/WordpressPlugin.php#L135","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/trunk/app/WordpressPluginAdmin.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/smtp2go/trunk/app/WordpressPluginAdmin.php#L85","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3546743%40smtp2go&new=3546743%40smtp2go&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6424de06-95ca-4148-9b24-0df0a2a8871d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7634","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:36.990","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The show_complete_user_agent_tooltip setting must be explicitly enabled by an administrator (disabled by default) for the stored payload to be rendered and executed."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/wp-slimstat/wp-slimstat/pull/297","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.11/admin/view/wp-slimstat-reports.php#L2099","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.11/src/Services/Browscap.php#L270","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.11/src/Tracker/Processor.php#L776","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.11/src/Tracker/Storage.php#L25","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.4/admin/view/wp-slimstat-reports.php#L2099","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.4/src/Services/Browscap.php#L270","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.4/src/Tracker/Processor.php#L776","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.4.4/src/Tracker/Storage.php#L25","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/admin/view/wp-slimstat-reports.php#L2099","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/src/Services/Browscap.php#L270","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/src/Tracker/Processor.php#L776","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/src/Tracker/Storage.php#L25","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a309bf8-7fe3-4033-993c-3c8dba0f216d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7651","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:37.117","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing ownership validation on a user-controlled attachment ID, allowing the plugin to store and subsequently delete arbitrary media attachments without verifying that the referenced attachment belongs to the requesting user. This makes it possible for authenticated attackers, with subscriber-level access and above, to permanently delete arbitrary media attachments uploaded by any other user, including administrators."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/frontend/class-ur-frontend.php#L114","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/frontend/class-ur-frontend.php#L86","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/functions-ur-core.php#L4262","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3539426/user-registration/tags/5.2.0/includes/frontend/class-ur-frontend.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0def7637-edf4-4ae2-a2e7-31ccb3b52d71?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7660","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:37.240","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination() function. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page granted they can trick an administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/stops-core-theme-and-plugin-updates/tags/9.0.20/includes/MPSUM_List_Table.php#L800","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/stops-core-theme-and-plugin-updates/tags/9.0.20/includes/MPSUM_Plugins_List_Table.php#L55","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/stops-core-theme-and-plugin-updates/trunk/includes/MPSUM_List_Table.php#L800","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/stops-core-theme-and-plugin-updates/trunk/includes/MPSUM_Plugins_List_Table.php#L55","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3531188/stops-core-theme-and-plugin-updates/trunk/includes/MPSUM_List_Table.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fstops-core-theme-and-plugin-updates/tags/9.0.20&new_path=%2Fstops-core-theme-and-plugin-updates/tags/9.0.21","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bbbd989c-4d69-45c9-bcb9-44f9ab98b969?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7797","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:37.360","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The /appointments/bulk REST endpoint is reachable by unauthenticated attackers because its permission check accepts a public nonce that is embedded in the booking widget's frontend JavaScript (ssa.api.public_nonce) and visible to all site visitors; exploitation requires issuing the request as a PUT with an application/x-www-form-urlencoded body so that PHP's superglobals are not populated and the blocklist check silently passes."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.10.2/includes/lib/td-util/class-td-api-model.php#L304","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.10.2/includes/lib/td-util/class-td-api-model.php#L361","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.10.2/includes/lib/td-util/class-td-db-model.php#L1049","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.11.2/includes/lib/td-util/class-td-api-model.php#L304","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.11.2/includes/lib/td-util/class-td-api-model.php#L361","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.11.2/includes/lib/td-util/class-td-db-model.php#L1049","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/lib/td-util/class-td-api-model.php#L304","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/lib/td-util/class-td-api-model.php#L361","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/lib/td-util/class-td-db-model.php#L1049","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3549843/simply-schedule-appointments/tags/1.6.11.9/includes/lib/td-util/class-td-db-model.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db3bddbd-44b0-4105-9039-0d669d643481?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7862","sourceIdentifier":"contact@wpscan.com","published":"2026-05-28T08:16:37.487","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://wpscan.com/vulnerability/b4ce2a06-b435-4b77-851f-4406f2a91ca6/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8682","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:37.590","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify all plugin settings by writing arbitrary data to the ar_try_on_settings option in the database via the /wp-json/ar_try_on/v1/settings REST endpoint."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ar-vr-3d-model-try-on/tags/1.9.0/api/AR_TRY_ON_Api_Routes.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ar-vr-3d-model-try-on/tags/1.9.0/api/AR_TRY_ON_Api_Routes.php#L358","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ar-vr-3d-model-try-on/tags/1.9.0/api/AR_TRY_ON_Api_Routes.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ar-vr-3d-model-try-on/tags/2.0.1/api/AR_TRY_ON_Api_Routes.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ar-vr-3d-model-try-on/tags/2.0.1/api/AR_TRY_ON_Api_Routes.php#L358","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ar-vr-3d-model-try-on/tags/2.0.1/api/AR_TRY_ON_Api_Routes.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3536110%40ar-vr-3d-model-try-on&new=3536110%40ar-vr-3d-model-try-on&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bfcd914c-3c12-4e6a-bb05-38d42ce411d4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9227","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:37.713","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a flawed strpos() substring check that only verifies whether the filename contains the string '.json' rather than confirming the filename ends with a .json extension, allowing double-extension filenames like shell.json.php to bypass validation. This makes it possible for authenticated attackers, with author-level access and above, to upload files that may be executable, which makes remote code execution possible."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/cssigniter/gutenbee/commit/bde934cdecf67a4de1d6548cc1fc6c59bc6690e5","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L570","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L571","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.0/gutenbee.php#L579","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L570","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L571","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gutenbee/tags/2.20.1/gutenbee.php#L579","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3543574%40gutenbee&new=3543574%40gutenbee&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d20e8c9-975d-4e8c-8bea-50935853c7d4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9618","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T08:16:37.870","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the peachpay_stripe_handle_admin_actions function. This makes it possible for unauthenticated attackers to permanently delete all stored Stripe credentials — including publishable keys, secret keys, webhook secrets, and Apple Pay configuration — from the WordPress database, disabling Stripe payment processing for the store via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.120.23/core/admin/settings.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.120.23/core/payments/stripe/functions.php#L612","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.120.23/core/payments/stripe/functions.php#L640","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.120.45/core/admin/settings.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.120.45/core/payments/stripe/functions.php#L612","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.120.45/core/payments/stripe/functions.php#L640","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3550723%40peachpay-for-woocommerce&new=3550723%40peachpay-for-woocommerce&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2270b66f-b07c-44ce-b161-7b2123f8c21e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2024-47096","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-28T09:16:28.957","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do."}],"metrics":{"cvssMetricV40":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.securin.io/zero-day/cve-2024-47096-reflected-cross-site-scripting-in-follett-school-solutions-destiny-library-manager/","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2024-47097","sourceIdentifier":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","published":"2026-05-28T09:16:30.013","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do."}],"metrics":{"cvssMetricV40":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.securin.io/zero-day/cve-2024-47097-reflected-cross-site-scripting-in-follett-school-solutions-destiny-library-manager/","source":"33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}},{"cve":{"id":"CVE-2026-4334","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:45.360","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the [shariff] shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability occurs because the plugin uses a custom wp_kses implementation with permissive allowed HTML tags, and then performs a str_replace operation that injects HTML after sanitization, allowing event handlers to be introduced through the %total placeholder in the style attribute."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L1143","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L1144","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L868","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L965","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3532532%40shariff&new=3532532%40shariff&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e037d22a-3d4d-4f70-a749-6d6c552c7553?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-4408","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T09:16:47.643","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the \"check password script\" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the \"check password script\" is used with %u and the samba-dcerpcd service is started as a system service."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-4408","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479762","source":"secalert@redhat.com"},{"url":"https://bugzilla.samba.org/show_bug.cgi?id=16034","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-6226","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:47.903","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the backend. When $_POST['_acf_form'] is an array (rather than a form ID), the validate_form() function bypasses database lookup and directly processes the attacker-controlled structure. The create_record() function preserves attacker-supplied record data if present, and the user action's run() function falls back to attacker-controlled field definitions from $form['fields'] when legitimate fields cannot be found. The role field's pre_update_value() validation reads $field['role_options'] from this attacker-controlled definition, allowing an attacker to specify ['administrator'] as an allowed role and bypass the security check. This makes it possible for unauthenticated attackers to create administrator accounts by injecting a custom form configuration with a spoofed role field."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/fields/user/class-role.php#L107","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/actions/user.php#L458","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/classes/display.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/classes/submit.php#L124","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php#L107","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/actions/user.php#L458","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/display.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/submit.php#L124","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3525193%40acf-frontend-form-element&new=3525193%40acf-frontend-form-element&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/123e1758-3384-4ea7-96dd-d6adcce40392?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6937","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:48.170","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointments REST API endpoint. This makes it possible for unauthenticated attackers to modify arbitrary appointment records including customer PII, payment status, and meeting URL fields, and to expose full customer PII from existing appointment records via the bulk endpoint response. The public nonce is a static, user-independent value present in the HTML source of any page hosting the [ssa_booking] shortcode, meaning any visitor who has viewed such a page can obtain it and target any appointment in the system without authentication."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.10.0/includes/class-appointment-model.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.10.0/includes/class-bootstrap.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.10.0/includes/lib/td-util/class-td-api-model.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.11.0/includes/class-appointment-model.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.11.0/includes/class-bootstrap.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.6.11.0/includes/lib/td-util/class-td-api-model.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/class-appointment-model.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/class-bootstrap.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/lib/td-util/class-td-api-model.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3549843%40simply-schedule-appointments&new=3549843%40simply-schedule-appointments&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef0f5f9d-788a-4cf8-9747-ada076a69a1f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7048","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:48.433","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is exploitable by embedding a malicious shortcode in a post or draft, allowing the injected SQL to execute when the shortcode is rendered."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.39/framework/WDWLibrary.php#L1351","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.39/framework/WDWLibrary.php#L2112","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.39/frontend/controllers/controller.php#L354","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.39/photo-gallery.php#L789","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/framework/WDWLibrary.php#L1351","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/framework/WDWLibrary.php#L2112","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/frontend/controllers/controller.php#L354","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/photo-gallery.php#L789","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3532364%40photo-gallery&new=3532364%40photo-gallery&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/27394b03-3604-4fb0-950f-e1f838cabb05?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7526","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:48.700","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key exposure occurs when the premium add-on is also installed and has saved a key; on Lite-only installations, the exposed data is limited to non-sensitive viewer configuration values such as width, height, toolbar settings, usage tracking, and plan."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/pdf-embedder/tags/4.9.3/src/Plugin.php#L204","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/pdf-embedder/tags/4.9.3/src/Plugin.php#L224","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/pdf-embedder/trunk/src/Plugin.php#L204","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/pdf-embedder/trunk/src/Plugin.php#L224","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3531901/pdf-embedder/trunk/src/Plugin.php?old=3429550&old_path=pdf-embedder%2Ftrunk%2Fsrc%2FPlugin.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0f2516-0fa7-415e-868e-6bd259bc6546?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8689","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:48.973","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages() and uploadData() functions, where the wp_ajax_visualizer-create-chart and wp_ajax_visualizer-edit-chart AJAX actions invoke renderChartPages() without any current_user_can() check, and wp_ajax_visualizer-upload-data invokes uploadData() which also lacks a capability check and validates its nonce without an action argument, making it trivially bypassable. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary chart posts and access or modify chart data belonging to other users, including administrators."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/visualizer/tags/3.11.14/classes/Visualizer/Module/Chart.php#L1221","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/visualizer/tags/3.11.14/classes/Visualizer/Module/Chart.php#L531","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/visualizer/tags/3.11.14/classes/Visualizer/Module/Chart.php#L56","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/visualizer/tags/4.0.1/classes/Visualizer/Module/Chart.php#L1221","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/visualizer/tags/4.0.1/classes/Visualizer/Module/Chart.php#L531","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/visualizer/tags/4.0.1/classes/Visualizer/Module/Chart.php#L56","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3474710","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d18e9696-0f96-4478-9871-a93ac2976c11?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9015","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T09:16:49.240","lastModified":"2026-05-28T13:45:25.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the ignore state, ignore reason, and ignore comment of arbitrary accessibility issues across the entire site — including mass modification of all rows sharing an 'object' identifier when largeBatch=true is supplied — corrupting accessibility audit integrity by hiding or dismissing findings outside their authorization scope."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.38.0/admin/class-ajax.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.38.0/admin/class-ajax.php#L814","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.38.0/admin/class-ajax.php#L856","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.38.0/admin/class-enqueue-admin.php#L89","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.41.0/admin/class-ajax.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.41.0/admin/class-ajax.php#L814","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.41.0/admin/class-ajax.php#L856","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accessibility-checker/tags/1.41.0/admin/class-enqueue-admin.php#L89","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3539961%40accessibility-checker&new=3539961%40accessibility-checker&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/613fc64a-1206-4a11-b945-216068b9339a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9804","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T09:16:49.500","lastModified":"2026-05-28T13:44:54.327","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9804","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482487","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-46104","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:25.757","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: use sk blob accessor in socket permission helpers\n\nSELinux socket state lives in the composite LSM socket blob.\n\nsock_has_perm() and nlmsg_sock_has_extended_perms() currently\ndereference sk->sk_security directly, which assumes the SELinux socket\nblob is at offset zero.\n\nIn stacked configurations that assumption does not hold. If another LSM\nallocates socket blob storage before SELinux, these helpers may read the\nwrong blob and feed invalid SID and class values into AVC checks.\n\nUse selinux_sock() instead of accessing sk->sk_security directly."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/032e70aff025d7c519af9ab791cd084380619263","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7eca71f57f194c1638ebb7f4097d6be8fd04c101","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d350fef4bc2467fe1bce15f7a20fe60e01ce41ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46106","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:25.950","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Hold eventfs_mutex and SRCU when remount walks events\n\nCommit 340f0c7067a9 (\"eventfs: Update all the eventfs_inodes from the\nevents descriptor\") had eventfs_set_attrs() recurse through ei->children\non remount.  The walk only holds the rcu_read_lock() taken by\ntracefs_apply_options() over tracefs_inodes, which is wrong:\n\n  - list_for_each_entry over ei->children races with the list_del_rcu()\n    in eventfs_remove_rec() -- LIST_POISON1 deref, same shape as\n    d2603279c7d6.\n  - eventfs_inodes are freed via call_srcu(&eventfs_srcu, ...).\n    rcu_read_lock() does not extend an SRCU grace period, so ti->private\n    can be reclaimed under the walk.\n  - The writes to ei->attr race with eventfs_set_attr(), which holds\n    eventfs_mutex.\n\nReproducer:\n\n  while :; do mount -o remount,uid=$((RANDOM%1000)) /sys/kernel/tracing; done &\n  while :; do\n      echo \"p:kp submit_bio\" > /sys/kernel/tracing/kprobe_events\n      echo > /sys/kernel/tracing/kprobe_events\n  done\n\nWrap the events portion of tracefs_apply_options() in\neventfs_remount_lock()/_unlock() that take eventfs_mutex and\nsrcu_read_lock(&eventfs_srcu).  eventfs_set_attrs() doesn't sleep so the\nnested rcu_read_lock() is fine; lockdep_assert_held() pins the contract.\n\nComment in tracefs_drop_inode() said \"RCU cycle\" -- it is SRCU."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/07004a8c4b572171934390148ee48c4175c77eed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/44e64d8a432837308f4dda3ffe819f1ec092a0ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/52b109f1b875b912d4ab2c5fdd8c322d47119d9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ae9cd0b46b1890040006a2fc5e905c5d6053fd02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ed2ad73bcb0a7a6cc934097d4853b6d5124c317e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46108","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.190","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:si: Return state to normal if message allocation fails\n\nThere were places where nothing would get started if a message\nallocation failed, so the driver needs to return to normal state."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/09dd798270ff582d7309f285d4aaf5dbebae01cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/88881dc1da86064f479378bc9d0a4956c3d0bb12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ba60140d4133231b49185ac8bf6e54f318d3134e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bc13fce9eeec88c4950924754c3347c6dc66ff4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ce905b65e649eee378a0f37e8219f1d70efb3007","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46109","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.307","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: fix memory leak on ulpi_register() error paths\n\nCommit 01af542392b5 (\"usb: ulpi: fix double free in\nulpi_register_interface() error path\") removed kfree(ulpi) from\nulpi_register_interface() to fix a double-free when device_register()\nfails.\n\nBut when ulpi_of_register() or ulpi_read_id() fail before\ndevice_register() is called, the ulpi allocation is leaked.\n\nAdd kfree(ulpi) on both error paths to properly clean up the allocation."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46118","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.293","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()\n\ncommit 6d3789d347a7 (\"papr-hvpipe: convert papr_hvpipe_dev_create_handle() to FD_PREPARE()\"),\nchanged the create handle to FD_PREPARE(), but it caused kernel\nnull-ptr-deref because after call to retain_and_null_ptr(src_info),\nsrc_info is re-used for adding it to the global list.\n\nGetting the following kernel panic in papr_hvpipe_dev_create_handle()\nwhen trying to add src_info to the list.\n Kernel attempted to write user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x00000000\n Faulting instruction address: 0xc0000000001b44a0\n Oops: Kernel access of bad area, sig: 11 [#1]\n ...\n Call Trace:\n papr_hvpipe_dev_ioctl+0x1f4/0x48c (unreliable)\n sys_ioctl+0x528/0x1064\n system_call_exception+0x128/0x360\n system_call_vectored_common+0x15c/0x2ec\n\nNow, the error handling with FD_PREPARE's file cleanup and __free(kfree) auto\ncleanup is getting too convoluted. This is mainly because we need to\nensure only 1 user get the srcID handle. To simplify this, we allocate\nprepare the src_info in the beginning and add it to the global list\nunder a spinlock after checking that no duplicates exist.\n\nThis simplify the error handling where if the FD_ADD fails, we can\nsimply remove the src_info from the list and consume any pending msg in\nhvpipe to be cleared, after src_info became visible in the global list."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1b9f7aafa44f5ce852c00509104d10fd9eb0f402","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/735439394dde8462f9b50566727fbe333beaadaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf51bec1560f8bf115d1476f60335f9d90e110b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46121","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.600","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock\n\nPatch series \"mm/damon/sysfs-schemes: fix use-after-free for [memcg_]path\".\n\nReads of 'memcg_path' and 'path' files in DAMON sysfs interface could race\nwith their writes, results in use-after-free.  Fix those.\n\n\nThis patch (of 2):\n\ndamon_sysfs_scheme_filter->mmecg_path can be read and written by users,\nvia DAMON sysfs memcg_path file.  It can also be indirectly read, for the\nparameters {on,off}line committing to DAMON.  The reads for parameters\ncommitting are protected by damon_sysfs_lock to avoid the sysfs files\nbeing destroyed while any of the parameters are being read.  But the\nuser-driven direct reads and writes are not protected by any lock, while\nthe write is deallocating the memcg_path-pointing buffer.  As a result,\nthe readers could read the already freed buffer (user-after-free).  Note\nthat the user-reads don't race when the same open file is used by the\nwriter, due to kernfs's open file locking.  Nonetheless, doing the reads\nand writes with separate open files would be common.  Fix it by protecting\nboth the user-direct reads and writes with damon_sysfs_lock."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1e68eb96e8beb1abefd12dd22c5637795d8a877e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b1e9f2d5870776347edef927f9bb3ea19b8e3abb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/baecc45ad60e621ef14d6c1e7f41ef36bbfdf910","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c88802d0e8edd14b6cd2daf3000f99adbc4c85c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eafd6f5372d29b0dd213799b92c2c9c7ad31d7da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46122","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.713","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: enforce bounds check on firmware key index in b43_rx()\n\nThe firmware-controlled key index in b43_rx() can exceed the dev->key[]\narray size (58 entries). The existing B43_WARN_ON is non-enforcing in\nproduction builds, allowing an out-of-bounds read.\n\nMake the B43_WARN_ON check enforcing by dropping the frame when the\nfirmware returns an invalid key index."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1e9e55cf66f0fa4799f4d86ef3aaba8e606b5c14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1f4f78bf8549e6ac4f04fba4176854f3a6e0c332","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/219ba67e69e49681e48c822d6eaafb5def032f34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c3d7b90dc95020cd9282c4630e402fe224f7644e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d7029879bafdac2006c67553807d122283dc6cbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46126","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.140","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()\n\nSashiko points out there are two bugs here in the error unwind flow, both\nrelated to how the WQ table is unwound.\n\nFirst there is a double i-- on the first failure path due to the while loop\nhaving a i--, remove it.\n\nSecond if mana_ib_install_cq_cb() fails then mana_create_wq_obj() is not\nundone due to the above i--."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/34ecf795692ee57c393109f4a24ccc313091e137","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8f23eb6c50f1a4bf32fc4d62cfb9fc39e8e586cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9a05a6798177e44dfbe18393be2c1ebb89ab06fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bb9cb36eaefa4dcb7c0d9f7a01e5c739abdd53a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46127","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.250","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()\n\nSashiko points out that pd->uctx isn't initialized until late in the\nfunction so all these error flow references are NULL and will crash. Use\nthe uctx that isn't NULL."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/34fbf48cf3b410d2a6e8c586fa952a36331ca5ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/75fc130664ae324e7b2f9ad3630e0f175e9ca6c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8832626a483439e207734e027afff322ccdf726e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e01a957561f663d3b68d2fd233a4502e3367efcd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ec44c00a4fe1327efa35083f98b39c01cb535a51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46128","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.373","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Check event message buffer response for bad data\n\nThe event message buffer response data size got checked later when\nprocessing, but check it right after the response comes back.  It\nappears some BMCs may return an empty message instead of an error\nwhen fetching events.\n\nThere are apparently some new BMCs that make this error, so we need to\ncompensate."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46130","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.570","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm-verity-fec: fix reading parity bytes split across blocks (take 3)\n\nfec_decode_bufs() assumes that the parity bytes of the first RS codeword\nit decodes are never split across parity blocks.\n\nThis assumption is false.  Consider v->fec->block_size == 4096 &&\nv->fec->roots == 17 && fio->nbufs == 1, for example.  In that case, each\ncall to fec_decode_bufs() consumes v->fec->roots * (fio->nbufs <<\nDM_VERITY_FEC_BUF_RS_BITS) = 272 parity bytes.\n\nConsidering that the parity data for each message block starts on a\nblock boundary, the byte alignment in the parity data will iterate\nthrough 272*i mod 4096 until the 3 parity blocks have been consumed.  On\nthe 16th call (i=15), the alignment will be 4080 bytes into the first\nblock.  Only 16 bytes remain in that block, but 17 parity bytes will be\nneeded.  The code reads out-of-bounds from the parity block buffer.\n\nFortunately this doesn't normally happen, since it can occur only for\ncertain non-default values of fec_roots *and* when the maximum number of\nbuffers couldn't be allocated due to low memory.  For example with\nblock_size=4096 only the following cases are affected:\n\n    fec_roots=17: nbufs in [1, 3, 5, 15]\n    fec_roots=19: nbufs in [1, 229]\n    fec_roots=21: nbufs in [1, 3, 5, 13, 15, 39, 65, 195]\n    fec_roots=23: nbufs in [1, 89]\n\nRegardless, fix it by refactoring how the parity blocks are read."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3d1b4e2d8ac0a1a1390a117f61ce0ca1c47e3bcb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/430a05cb926f6bdf53e81460a2c3a553257f3f61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46131","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.663","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: check for nEPT/nNPT in slow flush hypercalls\n\nChecking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa()\nis only valid if an L2 guest is running *with nested EPT/NPT enabled*.\nInstead use the same condition as translate_nested_gpa() itself."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/45fc766bc756ff1d66f8ca026a9c4f7f764adfae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/464af6fc2b1dcc74005b7f58ee3812b17777efee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4c7f8436b19a2a3acc0cb6b6e3becd6796ae5c57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/971f17f5d91045404e3914029ea57c3da90179a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d6f4e217d663ede5becc2fd6cb612c749677387b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46132","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.753","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo\n\nrtnl_fill_vfinfo() declares struct ifla_vf_broadcast on the stack\nwithout initialisation:\n\n\tstruct ifla_vf_broadcast vf_broadcast;\n\nThe struct contains a single fixed 32-byte field:\n\n\t/* include/uapi/linux/if_link.h */\n\tstruct ifla_vf_broadcast {\n\t\t__u8 broadcast[32];\n\t};\n\nThe function then copies dev->broadcast into it using dev->addr_len\nas the length:\n\n\tmemcpy(vf_broadcast.broadcast, dev->broadcast, dev->addr_len);\n\nOn Ethernet devices (the overwhelming majority of SR-IOV NICs)\ndev->addr_len is 6, so only the first 6 bytes of broadcast[] are\nwritten. The remaining 26 bytes retain whatever was previously on\nthe kernel stack. The full struct is then handed to userspace via:\n\n\tnla_put(skb, IFLA_VF_BROADCAST,\n\t\tsizeof(vf_broadcast), &vf_broadcast)\n\nleaking up to 26 bytes of uninitialised kernel stack per VF per\nRTM_GETLINK request, repeatable.\n\nThe other vf_* structs in the same function are explicitly zeroed\nfor exactly this reason - see the memset() calls for ivi,\nvf_vlan_info, node_guid and port_guid a few lines above.\nvf_broadcast was simply missed when it was added.\n\nReachability: any unprivileged local process can open AF_NETLINK /\nNETLINK_ROUTE without capabilities and send RTM_GETLINK with an\nIFLA_EXT_MASK attribute carrying RTEXT_FILTER_VF. The kernel walks\neach VF and emits IFLA_VF_BROADCAST, leaking 26 bytes of stack per\nVF per request. Stack residue at this call site can include return\naddresses and transient sensitive data; KASAN with stack\ninstrumentation, or KMSAN, will flag the nla_put() when reproduced.\n\nZero the on-stack struct before the partial memcpy, matching the\nexisting pattern used for the other vf_* structs in the same\nfunction."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0653c0516234c8258975d268a749115fc0f0ff00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/38bcc21f52246badb3154b6158dcb381d98de011","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4b9e327991815e128ad3af75c3a04630a63ce3e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c5b1b92ab7eff1a6e8c507ddde6fd02fabd0cfa8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fbe0e6197225e6a83cf113a67a4b425f8de0bcd5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46134","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.970","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration\n\ncros_typec_register_thunderbolt() missed initializing the `adata->lock`\nmutex.  This leads to a NULL dereference when the mutex is later\nacquired (e.g. in cros_typec_altmode_work()).\n\nInitialize the mutex in cros_typec_register_thunderbolt() to fix the\nissue."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/23ae72e8c2f1c1d1da8cbd479320ddcfcc9c7435","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3b13d5883a097f538fccbab1c61c95546d29621f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/525cb7ba6661074c1c5cc3772bccc6afab6791ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46136","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.160","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix a potential clc buffer length underflow\n\nThe buf_len is used to limit the iterations for retrieving the country\npower setting and may underflow under certain conditions due to changes\nin the power table in CLC.\n\nThis underflow leads to an almost infinite loop or an invalid power\nsetting resulting in driver initialization failure."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0aa63d33742b805d1a218d18d12b983cce4b2f7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5373f8b19e568b5c217832b9bbef165bd2b2df14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/90cc573fd2f46ddbc2c329e7814b5ba3deb7b939","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a0111847f0b4f6023f6dd320114697514e024ba3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e451c325b000b9a0081fd93bc6d103d6943d4b55","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46139","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.470","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: use kzalloc to zero-initialize security descriptor buffer\n\nCommit 62e7dd0a39c2d (\"smb: common: change the data type of num_aces\nto le16\") split struct smb_acl's __le32 num_aces field into __le16\nnum_aces and __le16 reserved. The reserved field corresponds to Sbz2\nin the MS-DTYP ACL wire format, which must be zero [1].\n\nWhen building an ACL descriptor in build_sec_desc(), we are using a\nkmalloc()'ed descriptor buffer and writing the fields explicitly using\nle16() writes now. This never writes to the 2 byte reserved field,\nleaving it as uninitialized heap data.\n\nWhen the reserved field happens to contain non-zero slab garbage,\nSamba rejects the security descriptor with \"ndr_pull_security_descriptor\nfailed: Range Error\", causing chmod to fail with EINVAL.\n\nChange kmalloc() to kzalloc() to ensure the entire buffer is\nzero-initialized.\n\n\n[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4c3ed344a970aad51388ac3b0145b98318f0e21f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5e489c6c47a2ac15edbaca153b9348e42c1eacab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/941a1e6eb35440336913afc88a82103291956d5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9bdb2ca31368b7671949dfb94a5d57ffccd01edd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/be1ef9512a3f5a755895c24f31b334342f4aa15b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46140","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.580","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtk: validate WMT event SKB length before struct access\n\nbtmtk_usb_hci_wmt_sync() casts the WMT event response SKB data to\nstruct btmtk_hci_wmt_evt (7 bytes) and struct btmtk_hci_wmt_evt_funcc\n(9 bytes) without first checking that the SKB contains enough data.\nA short firmware response causes out-of-bounds reads from SKB tailroom.\n\nUse skb_pull_data() to validate and advance past the base WMT event\nheader. For the FUNC_CTRL case, pull the additional status field bytes\nbefore accessing them."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/624fb79dadc1b65757986a9d0fdde5c0cf3fe179","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/634a4408c0615c523cf7531790f4f14a422b9206","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/70d37a8b9229e394cc17ddad47e90b81d80fcd09","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c411cf1bfde951cfa821809cf4020ba177f76e0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46141","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.680","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: fix kmemleak caused by incorrect chip_data lookup\n\nThe kmemleak reports the following memory leak:\n\nUnreferenced object 0xc0000002a7fbc640 (size 64):\n  comm \"kworker/8:1\", pid 540, jiffies 4294937872\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00  ................\n    00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00  ................\n  backtrace (crc 177d48f6):\n    __kmalloc_cache_noprof+0x520/0x730\n    xive_irq_alloc_data.constprop.0+0x40/0xe0\n    xive_irq_domain_alloc+0xd0/0x1b0\n    irq_domain_alloc_irqs_parent+0x44/0x6c\n    pseries_irq_domain_alloc+0x1cc/0x354\n    irq_domain_alloc_irqs_parent+0x44/0x6c\n    msi_domain_alloc+0xb0/0x220\n    irq_domain_alloc_irqs_locked+0x138/0x4d0\n    __irq_domain_alloc_irqs+0x8c/0xfc\n    __msi_domain_alloc_irqs+0x214/0x4d8\n    msi_domain_alloc_irqs_all_locked+0x70/0xf8\n    pci_msi_setup_msi_irqs+0x60/0x78\n    __pci_enable_msix_range+0x54c/0x98c\n    pci_alloc_irq_vectors_affinity+0x16c/0x1d4\n    nvme_pci_enable+0xac/0x9c0 [nvme]\n    nvme_probe+0x340/0x764 [nvme]\n\nThis occurs when allocating MSI-X vectors for an NVMe device. During\nallocation the XIVE code creates a struct xive_irq_data and stores it\nin irq_data->chip_data.\n\nWhen the MSI-X irqdomain is later freed, xive_irq_free_data() is\nresponsible for retrieving this structure and freeing it. However,\nafter commit cc0cc23babc9 (\"powerpc/xive: Untangle xive from child\ninterrupt controller drivers\"), xive_irq_free_data() retrieves the\nchip_data using irq_get_chip_data(), which looks up the data through\nthe child domain.\n\nThis is incorrect because the XIVE-specific irq data is associated with\nthe XIVE (parent) domain. As a result the lookup fails and the allocated\nstruct xive_irq_data is never freed, leading to the kmemleak report\nshown above.\n\nFix this by retrieving the irq_data from the correct domain using\nirq_domain_get_irq_data() and then accessing the chip_data via\nirq_data_get_irq_chip_data()."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/2546fb8c9acc8c7512ed4339ce2a982cb7407065","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6771c54728c278bf1e4bfdab4fddbbb186e33498","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e66ed135cdf23a318e9727dca48f98f7f6142f78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46142","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.790","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: fix VF illegal register access\n\nRegister WX_CFG_PORT_ST is a PF restricted register. When a VF is\ninitialized, attempting to read this register triggers an illegal\nregister access, which lead to a system hang.\n\nWhen the device is VF, the bus function ID can be obtained directly from\nthe PCI_FUNC(pdev->devfn)."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/33c5bb50b9c40e8451e6aec4487a31d794b98d92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/68a007a701bc06fa426507c551ef12514f2e721d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/694de316f607fe2473d52ca0707e3918e72c1562","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d3bd8040497968f6f5470018724ef7b0df92f707","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46143","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.903","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens\n\nAs prepare can be called mulitple times, this can result in multiple\ngraph opens for playback path.\n\nThis will result in a memory leaks, fix this by adding a check before\nopening."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3141d8b00cad6d3331953c79060ccc3a0262311b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/69acc488aaf39d0ddf6c3cf0e47c1873d39919a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7cab9f2ad51c858263da836baebad050a1bc7914","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b97493f0f42ab9d882a62466782e1900e481a9d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c91b7bcc70346d07f57ef03d1b9a338324e213de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46144","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:30.013","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Fix error unwind in mana_ib_create_qp_rss()\n\nSashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal\ndestroy path cleans it up."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/190e570cc0fc7f57eacf80d2b854ba54b4dfad6b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/30e8a2f33815d8f51b8f8b829c07af16c671cc27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6aaa978c6b6218cfac15fe1dab17c76fe229ce3f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/726af85ea4af750b2f75095e24e3cd99797344cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ab64c63b460bbd0521480bf90d5695783f5e66bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46146","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:30.203","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()\n\nThe convert_chmap_v3() has a loop with its increment size of\ncs_desc->wLength, but we forgot to validate cs_desc->wLength itself,\nwhich may lead to potential endless loop by a malformed descriptor.\n\nAdd a proper size check to abort the loop for plugging the hole."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4e0ee232ebe3df04874125d7c7f3e6c25ea5483d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/be09b47ed8677d76962e3240c145502e2ad9f3c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e0e3dcf48189603f3865f1a0b799b3b42baae96d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fa5b19ce69067874b1413f3c2027563bae8c2cb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46147","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:30.320","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()\n\nTwo bugs exist in the vCPU initialisation path:\n\n1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup\n   path jumps to 'unlock' without calling unpin_host_vcpu() or\n   unpin_host_sve_state(), permanently leaking pin references on the\n   host vCPU and SVE state pages.\n\n   Extract a register_hyp_vcpu() helper that performs the checks and\n   the store. When register_hyp_vcpu() returns an error, call\n   unpin_host_vcpu() and unpin_host_sve_state() inline before falling\n   through to the existing 'unlock' label.\n\n2. register_hyp_vcpu() publishes the new vCPU pointer into\n   'hyp_vm->vcpus[]' with a bare store, allowing a concurrent caller\n   of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU\n   object.\n\n   Ensure the store uses smp_store_release() and the load uses\n   smp_load_acquire(). While 'vm_table_lock' currently serialises the\n   store and the load, these barriers ensure the reader sees the fully\n   initialised 'hyp_vcpu' object even if there were a lockless path or\n   if the lock's own ordering guarantees were insufficient for nested\n   object initialization."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6d69c0ed978f7f0efd053fc98390f25ab77c1aea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/73b9c1e5da84cd69b1a86e374e450817cd051371","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7d3c27b54253cda91dc4d2c1bfc109c490837ab9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46148","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:30.410","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core-qspi: control built-in cs manually\n\nThe coreQSPI IP supports only a single chip select, which is\nautomagically operated by the hardware - set low when the transmit\nbuffer first gets written to and set high when the number of bytes\nwritten to the TOTALBYTES field of the FRAMES register have been sent on\nthe bus. Additional devices must use GPIOs for their chip selects.\nIt was reported to me that if there are two devices attached to this\nQSPI controller that the in-built chip select is set low while linux\ntries to access the device attached to the GPIO.\n\nThis went undetected as the boards that connected multiple devices to\nthe SPI controller all exclusively used GPIOs for chip selects, not\nrelying on the built-in chip select at all. It turns out that this was\nbecause the built-in chip select, when controlled automagically, is set\nlow when active and high when inactive, thereby ruling out its use for\nactive-high devices or devices that need to transmit with the chip\nselect disabled.\n\nModify the driver so that it controls chip select directly, retaining\nthe behaviour for mem_ops of setting the chip select active for the\nentire duration of the transfer in the exec_op callback. For regular\ntransfers, implement the set_cs callback for the core to use.\n\nAs part of this, the existing setup callback, mchp_coreqspi_setup_op(),\nis removed. Modifying the CLKIDLE field is not safe to do during\noperation when there are multiple devices, so this code is removed\nentirely. Setting the MASTER and ENABLE fields is something that can be\ndone once at probe, it doesn't need to be re-run for each device.\nInstead the new setup callback sets the built-in chip select to its\ninactive state for active-low devices, as the reset value of the chip\nselect in software controlled mode is low."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/7672749e1496215e8683ce57cf323119033954cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/998f43196d732f20f9b71eb6ebd973736c9fa911","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ee3c99aa102212ad59dc2c19595515c4a6729307","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46151","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:30.723","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usblp: fix heap leak in IEEE 1284 device ID via short response\n\nusblp_ctrl_msg() collapses the usb_control_msg() return value to\n0/-errno, discarding the actual number of bytes transferred.  A broken\nprinter can complete the GET_DEVICE_ID control transfer short and the\ndriver has no way to know.\n\nusblp_cache_device_id_string() reads the 2-byte big-endian length prefix\nfrom the response and trusts it (clamped only to the buffer bounds).\nThe buffer is kmalloc(1024) at probe time. A device that sends exactly\ntwo bytes (e.g. 0x03 0xFF, claiming a 1023-byte ID) leaves\ndevice_id_string[2..1022] holding stale kmalloc heap.\n\nThat stale data is then exposed:\n  - via the ieee1284_id sysfs attribute (sprintf(\"%s\", buf+2), truncated\n    at the first NUL in the stale heap), and\n  - via the IOCNR_GET_DEVICE_ID ioctl, which copy_to_user()s the full\n    claimed length regardless of NULs, up to 1021 bytes of uninitialized\n    heap, with the leak size chosen by the device.\n\nFix this up by just zapping the buffer with zeros before each request\nsent to the device."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/522d17e93a85575256894212d10e5a1fa6f36529","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6d8142141c942c0d8e79343cffda9c44bb1f3f4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6e29c32a27218f2dcd4a4e9b0b3c5e7728640698","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7a400c6fe3617e31e690e3f7ca37bb335e0498f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8247f52d822180e94ccbfdab91613af386a4e34d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46153","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:30.947","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\n8021q: delete cleared egress QoS mappings\n\nvlan_dev_set_egress_priority() currently keeps cleared egress\npriority mappings in the hash as tombstones. Repeated set/clear cycles\nwith distinct skb priorities therefore accumulate mapping nodes until\ndevice teardown and leak memory.\n\nDelete mappings when vlan_prio is cleared instead of keeping tombstones.\nNow that the egress mapping lists are RCU protected, the node can be\nunlinked safely and freed after a grace period."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/7dddc74af369478ba7f9bc136d0fc1dc4570cb66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a52e122c9e4d56ad9a03b32c915a199276d989c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46156","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.233","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()\n\nThe switch case in loongson_gpu_fixup_dma_hang() may not DC2 or DC3, and\nreadl(crtc_reg) will access with random address, because the \"device\" is\nfrom \"base+PCI_DEVICE_ID\", \"base\" is from \"pdev->devfn+1\". This is wrong\nwhen my platform inserts a discrete GPU:\n\nlspci -tv\n-[0000:00]-+-00.0  Loongson Technology LLC Hyper Transport Bridge Controller\n...\n           +-06.0  Loongson Technology LLC LG100 GPU\n           +-06.2  Loongson Technology LLC Device 7a37\n...\n\nAdd a default switch case to fix the panic as below:\n\n Kernel ade access[#1]:\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.136-loong64-desktop-hwe+ #4\n pc 90000000017e5534 ra 90000000017e54c0 tp 90000001002f8000 sp 90000001002fb6c0\n a0 80000efe00003100 a1 0000000000003100 a2 0000000000000000 a3 0000000000000002\n a4 90000001002fb6b4 a5 900000087cdb58fd a6 90000000027af000 a7 0000000000000001\n t0 00000000000085b9 t1 000000000000ffff t2 0000000000000000 t3 0000000000000000\n t4 fffffffffffffffd t5 00000000fffb6d9c t6 0000000000083b00 t7 00000000000070c0\n t8 900000087cdb4d94 u0 900000087cdb58fd s9 90000001002fb826 s0 90000000031c12c8\n s1 7fffffffffffff00 s2 90000000031c12d0 s3 0000000000002710 s4 0000000000000000\n s5 0000000000000000 s6 9000000100053000 s7 7fffffffffffff00 s8 90000000030d4000\n    ra: 90000000017e54c0 loongson_gpu_fixup_dma_hang+0x40/0x210\n   ERA: 90000000017e5534 loongson_gpu_fixup_dma_hang+0xb4/0x210\n  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n  PRMD: 00000004 (PPLV0 +PIE -PWE)\n  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n  ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n ESTAT: 00480000 [ADEM] (IS= ECode=8 EsubCode=1)\n  BADV: 7fffffffffffff00\n  PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV)\n Modules linked in:\n Process swapper/0 (pid: 1, threadinfo=(____ptrval____), task=(____ptrval____))\n Stack : 0000000000000006 90000001002fb778 90000001002fb704 0000000000000007\n         0000000016a65700 90000000017e5690 000000000000ffff ffffffffffffffff\n         900000000209f7c0 9000000100053000 900000000209f7a8 9000000000eebc08\n         0000000000000000 0000000000000000 0000000000000006 90000001002fb778\n         90000001000530b8 90000000027af000 0000000000000000 9000000100054000\n         9000000100053000 9000000000ebb70c 9000000100004c00 9000000004000001\n         90000001002fb7e4 bae765461f31cb12 0000000000000000 0000000000000000\n         0000000000000006 90000000027af000 0000000000000030 90000000027af000\n         900000087cd6f800 9000000100053000 0000000000000000 9000000000ebc560\n         7a2500147cdaf720 bae765461f31cb12 0000000000000001 0000000000000030\n         ...\n Call Trace:\n [<90000000017e5534>] loongson_gpu_fixup_dma_hang+0xb4/0x210\n [<9000000000eebc08>] pci_fixup_device+0x108/0x280\n [<9000000000ebb70c>] pci_setup_device+0x24c/0x690\n [<9000000000ebc560>] pci_scan_single_device+0xe0/0x140\n [<9000000000ebc684>] pci_scan_slot+0xc4/0x280\n [<9000000000ebdd00>] pci_scan_child_bus_extend+0x60/0x3f0\n [<9000000000f5bc94>] acpi_pci_root_create+0x2b4/0x420\n [<90000000017e5e74>] pci_acpi_scan_root+0x2d4/0x440\n [<9000000000f5b02c>] acpi_pci_root_add+0x21c/0x3a0\n [<9000000000f4ee54>] acpi_bus_attach+0x1a4/0x3c0\n [<90000000010e200c>] device_for_each_child+0x6c/0xe0\n [<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70\n [<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0\n [<90000000010e200c>] device_for_each_child+0x6c/0xe0\n [<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70\n [<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0\n [<9000000000f5211c>] acpi_bus_scan+0x6c/0x280\n [<900000000189c028>] acpi_scan_init+0x194/0x310\n [<900000000189bc6c>] acpi_init+0xcc/0x140\n [<9000000000220cdc>] do_one_initcall+0x4c/0x310\n [<90000000018618fc>] kernel_init_freeable+0x258/0x2d4\n [<900000000184326c>] kernel_init+0x28/0x13c\n [<9000000000222008>] ret_from_kernel_thread+0xc/0xa4"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/07d190e4ec689d6478f7f5e36099fb9bf457e7c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2cb19b06c09983727573bbe7d7430cbad480a714","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/81fef1c278436e6bd68ee4ca05a0acb96e256561","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8dfa2f8780e486d05b9a0ffce70b8f5fbd62053e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9e1aed63a5552958ef2a9bfd699a3f990e52a77f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46158","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.460","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: ADD_ADDR rtx: always decrease sk refcount\n\nWhen an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer().\nIt should then be released in all cases at the end.\n\nSome (unlikely) checks were returning directly instead of calling\nsock_put() to decrease the refcount. Jump to a new 'exit' label to call\n__sock_put() (which will become sock_put() in the next commit) to fix\nthis potential leak.\n\nWhile at it, drop the '!msk' check which cannot happen because it is\nnever reset, and explicitly mark the remaining one as \"unlikely\"."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/25e37407442b8766ec2cf52fb4e31b5c3d3aeeae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9634cb35af17019baec21ca648516ce376fa10e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/acd3d3562315c99f3c0db16f0fcc5f0306638982","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46159","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.553","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak\n\nbtrfs_ioctl_space_info() has a TOCTOU race between two passes over the\nblock group RAID type lists. The first pass counts entries to determine\nthe allocation size, then the second pass fills the buffer. The\ngroups_sem rwlock is released between passes, allowing concurrent block\ngroup removal to reduce the entry count.\n\nWhen the second pass fills fewer entries than the first pass counted,\ncopy_to_user() copies the full alloc_size bytes including trailing\nuninitialized kmalloc bytes to userspace.\n\nFix by copying only total_spaces entries (the actually-filled count from\nthe second pass) instead of alloc_size bytes, and switch to kzalloc so\nany future copy size mismatch cannot leak heap data."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4fdc6ee0802121d9cd96b8d085e589f51e5a4ec3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5d12e0ab009ade48c1bff9324fd9bea2c773d088","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/973e57c726c1f8e77259d1c8e519519f1e9aea77","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d09d67d5de577cedae3de9497dff217e0ac8b641","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f5ee467b56764964027c361641f64953fc0f8f9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46160","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.647","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix missing last_unlink_trans update when removing a directory\n\nWhen removing a directory we are not updating its last_unlink_trans field,\nwhich can result in incorrect fsync behaviour in case some one fsyncs the\ndirectory after it was removed because it's holding a file descriptor on\nit.\n\nExample scenario:\n\n   mkdir /mnt/dir1\n   mkdir /mnt/dir1/dir2\n   mkdir /mnt/dir3\n\n   sync -f /mnt\n\n   # Do some change to the directory and fsync it.\n   chmod 700 /mnt/dir1\n   xfs_io -c fsync /mnt/dir1\n\n   # Move dir2 out of dir1 so that dir1 becomes empty.\n   mv /mnt/dir1/dir2 /mnt/dir3/\n\n   open fd on /mnt/dir1\n   call rmdir(2) on path \"/mnt/dir1\"\n   fsync fd\n\n   <trigger power failure>\n\nWhen attempting to mount the filesystem, the log replay will fail with\nan -EIO error and dmesg/syslog has the following:\n\n   [445771.626482] BTRFS info (device dm-0): first mount of filesystem 0368bbea-6c5e-44b5-b409-09abe496e650\n   [445771.626486] BTRFS info (device dm-0): using crc32c checksum algorithm\n   [445771.627912] BTRFS info (device dm-0): start tree-log replay\n   [445771.628335] page: refcount:2 mapcount:0 mapping:0000000061443ddc index:0x1d00 pfn:0x7072a5\n   [445771.629453] memcg:ffff89f400351b00\n   [445771.629892] aops:btree_aops [btrfs] ino:1\n   [445771.630737] flags: 0x17fffc00000402a(uptodate|lru|private|writeback|node=0|zone=2|lastcpupid=0x1ffff)\n   [445771.632359] raw: 017fffc00000402a fffff47284d950c8 fffff472907b7c08 ffff89f458e412b8\n   [445771.633713] raw: 0000000000001d00 ffff89f6c51d1a90 00000002ffffffff ffff89f400351b00\n   [445771.635029] page dumped because: eb page dump\n   [445771.635825] BTRFS critical (device dm-0): corrupt leaf: root=5 block=30408704 slot=10 ino=258, invalid nlink: has 2 expect no more than 1 for dir\n   [445771.638088] BTRFS info (device dm-0): leaf 30408704 gen 10 total ptrs 17 free space 14878 owner 5\n   [445771.638091] BTRFS info (device dm-0): refs 4 lock_owner 0 current 3581087\n   [445771.638094] \titem 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160\n   [445771.638097] \t\tinode generation 3 transid 9 size 16 nbytes 16384\n   [445771.638098] \t\tblock group 0 mode 40755 links 1 uid 0 gid 0\n   [445771.638100] \t\trdev 0 sequence 2 flags 0x0\n   [445771.638102] \t\tatime 1775744884.0\n   [445771.660056] \t\tctime 1775744885.645502983\n   [445771.660058] \t\tmtime 1775744885.645502983\n   [445771.660060] \t\totime 1775744884.0\n   [445771.660062] \titem 1 key (256 INODE_REF 256) itemoff 16111 itemsize 12\n   [445771.660064] \t\tindex 0 name_len 2\n   [445771.660066] \titem 2 key (256 DIR_ITEM 1843588421) itemoff 16077 itemsize 34\n   [445771.660068] \t\tlocation key (259 1 0) type 2\n   [445771.660070] \t\ttransid 9 data_len 0 name_len 4\n   [445771.660075] \titem 3 key (256 DIR_ITEM 2363071922) itemoff 16043 itemsize 34\n   [445771.660076] \t\tlocation key (257 1 0) type 2\n   [445771.660077] \t\ttransid 9 data_len 0 name_len 4\n   [445771.660078] \titem 4 key (256 DIR_INDEX 2) itemoff 16009 itemsize 34\n   [445771.660079] \t\tlocation key (257 1 0) type 2\n   [445771.660080] \t\ttransid 9 data_len 0 name_len 4\n   [445771.660081] \titem 5 key (256 DIR_INDEX 3) itemoff 15975 itemsize 34\n   [445771.660082] \t\tlocation key (259 1 0) type 2\n   [445771.660083] \t\ttransid 9 data_len 0 name_len 4\n   [445771.660084] \titem 6 key (257 INODE_ITEM 0) itemoff 15815 itemsize 160\n   [445771.660086] \t\tinode generation 9 transid 9 size 8 nbytes 0\n   [445771.660087] \t\tblock group 0 mode 40777 links 1 uid 0 gid 0\n   [445771.660088] \t\trdev 0 sequence 2 flags 0x0\n   [445771.660089] \t\tatime 1775744885.641174097\n   [445771.660090] \t\tctime 1775744885.645502983\n   [445771.660091] \t\tmtime 1775744885.645502983\n   [445771.660105] \t\totime 1775744885.641174097\n   [445771.660106] \titem 7 key (257 INODE_REF 256) itemoff 15801 itemsize 14\n   [445771.660107] \t\tindex 2 name_len 4\n   [445771.660108] \titem 8 key (257 DIR_ITEM 2676584006) itemoff 15767 itemsize 34\n   [445771.660109] \t\tlocation key (2\n---truncated---"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/36fcc2c7517f8a86379154c9793f867592aa8b7e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/999757231c49376cd1a37308d2c8c4c9932571e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/aa9c3ecaf7337df3a689318584f879b5339ede0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cc3c0a0f965754ce230d93ba44ee5b34fbe6138a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb388eb58c1ba047ccabc33901839acfecadcf49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46161","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.770","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix divide-by-zero in setup_geo() with zero far_copies\n\nsetup_geo() extracts near_copies (nc) and far_copies (fc) from the\nuser-provided layout parameter without checking for zero. When fc=0\nwith the \"improved\" far set layout selected, 'geo->far_set_size =\ndisks / fc' triggers a divide-by-zero.\n\nValidate nc and fc immediately after extraction, returning -1 if\neither is zero."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4af2e558e6fdfb972c61350653fd55d1f62b60a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/913d556e4bd1b56ed822815655b82c7bb54edc51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9aa6d860b0930e2f72795665c42c44252a558a0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9d8e03b9a2b1e8ce5c198bf3a409a629f4d02cda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f9ddb621b2325eb69c95692958daf2bab4dea2c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46162","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.860","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix double free in ice_sf_eth_activate() error path\n\nWhen auxiliary_device_add() fails, ice_sf_eth_activate() jumps to\naux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev).\n\nThe device release callback ice_sf_dev_release() frees sf_dev, but\nthe current error path falls through to sf_dev_free and calls\nkfree(sf_dev) again, causing a double free.\n\nKeep kfree(sf_dev) for the auxiliary_device_init() failure path, but\navoid falling through to sf_dev_free after auxiliary_device_uninit()."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/121d1f253aed515cd85748f68c664a6cb756e8ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2ca30340b5028ddc3f17086a538feeff06167b1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9aab1c3d7299285e2569cbc0ed5892d631a241b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d0c6a4816609f145ffcc74e64baa214c571c17c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46163","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:31.950","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43legacy: enforce bounds check on firmware key index in RX path\n\nSame fix as b43: the firmware-controlled key index in b43legacy_rx()\ncan exceed dev->max_nr_keys. The existing B43legacy_WARN_ON is\nnon-enforcing in production builds, allowing an out-of-bounds read of\ndev->key[].\n\nMake the check enforcing by dropping the frame for invalid indices."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1baaeb6adecb9691748c0253dab6ddd19a2b4e9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6ee946077607d7783ae6709a899213fc4fe08f35","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9d1bc155802943e92c57a5fb923d23edfbf0b525","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a035766f970bde2d4298346a31a80685be5c0205","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fdd4e51979f42ca8b1ab7e6176b607e1caabf2a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46165","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.143","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: vport: fix self-deadlock on release of tunnel ports\n\nvports are used concurrently and protected by RCU, so netdev_put()\nmust happen after the RCU grace period.  So, either in an RCU call or\nafter the synchronize_net().  The rtnl_delete_link() must happen under\nRTNL and so can't be executed in RCU context.  Calling synchronize_net()\nwhile holding RTNL is not a good idea for performance and system\nstability under load in general, so calling netdev_put() in RCU call\nis the right solution here.\n\nHowever,\nwhen the device is deleted, rtnl_unlock() will call netdev_run_todo()\nand block until all the references are gone.  In the current code this\nmeans that we never reach the call_rcu() and the vport is never freed\nand the reference is never released, causing a self-deadlock on device\nremoval.\n\nFix that by moving the rcu_call() before the rtnl_unlock(), so the\nscheduled RCU callback will be executed when synchronize_net() is\ncalled from the rtnl_unlock()->netdev_run_todo() while the RTNL itself\nis already released."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46167","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.340","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl\n\nJust like in a previous problem in this driver, usblp_ctrl_msg() will\ncollapse the usb_control_msg() return value to 0/-errno, discarding the\nactual number of bytes transferred.\n\nIdeally that short command should be detected and error out, but many\nprinters are known to send \"incorrect\" responses back so we can't just\ndo that.\n\nstatusbuf is kmalloc(8) at probe time and never filled before the first\nLPGETSTATUS ioctl.\n\nusblp_read_status() requests 1 byte. If a malicious printer responds\nwith zero bytes, *statusbuf is one byte of stale kmalloc heap,\nsign-extended into the local int status, which the LPGETSTATUS path then\ncopy_to_user()s directly to the ioctl caller.\n\nFix this all by just zapping out the memory buffer when allocated at\nprobe time.  If a later call does a short read, the data will be\nidentical to what the device sent it the last time, so there is no\n\"leak\" of information happening."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6b0e7438e31c74b01514d31ff35c1e688c4baaba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/762a6ccf391db0d629e590a803a3a2231e17dd3f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a502b997668401a6821501fc98b7f9220f9b6ff2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b38e53cbfb9d84732e5984fbd73e128d592415c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d06d937b0a4cdb8867f04275c8100a8b943da31a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46168","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.440","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix scheduling with atomic in timestamp sockopt\n\nUsing lock_sock_fast() (atomic context) around sock_set_timestamp()\nand sock_set_timestamping() is unsafe, as both helpers can sleep.\n\nReplace lock_sock_fast() with sleepable lock_sock()/release_sock()\nto avoid scheduling while atomic panic."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/7eb513b42721bee4b96da69f6188d5a7783f210d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8a005fe451c73fd2b3d1faa5643c11e6bd07acfc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b157dab93a7af44a84e78cf0cb311dde475cff5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b5c52908d52c6c8eb8933264aa6087a0600fd892","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ebeb70e29e37cfce899309cc2665a3bfe960ed94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46169","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.537","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix uninit-value by validating catalog record size\n\nSyzbot reported a KMSAN uninit-value issue in hfsplus_strcasecmp(). The\nroot cause is that hfs_brec_read() doesn't validate that the on-disk\nrecord size matches the expected size for the record type being read.\n\nWhen mounting a corrupted filesystem, hfs_brec_read() may read less data\nthan expected. For example, when reading a catalog thread record, the\ndebug output showed:\n\n  HFSPLUS_BREC_READ: rec_len=520, fd->entrylength=26\n  HFSPLUS_BREC_READ: WARNING - entrylength (26) < rec_len (520) - PARTIAL READ!\n\nhfs_brec_read() only validates that entrylength is not greater than the\nbuffer size, but doesn't check if it's less than expected. It successfully\nreads 26 bytes into a 520-byte structure and returns success, leaving 494\nbytes uninitialized.\n\nThis uninitialized data in tmp.thread.nodeName then gets copied by\nhfsplus_cat_build_key_uni() and used by hfsplus_strcasecmp(), triggering\nthe KMSAN warning when the uninitialized bytes are used as array indices\nin case_fold().\n\nFix by introducing hfsplus_brec_read_cat() wrapper that:\n1. Calls hfs_brec_read() to read the data\n2. Validates the record size based on the type field:\n   - Fixed size for folder and file records\n   - Variable size for thread records (depends on string length)\n3. Returns -EIO if size doesn't match expected\n\nFor thread records, check against HFSPLUS_MIN_THREAD_SZ before reading\nnodeName.length to avoid reading uninitialized data at call sites that\ndon't zero-initialize the entry structure.\n\nAlso initialize the tmp variable in hfsplus_find_cat() as defensive\nprogramming to ensure no uninitialized data even if validation is\nbypassed."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/61a790974ff7e533acbceca06c7d02f22bf96d4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/93e8d613f1a01b6637f387cc93f184cf7fb881d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a420904450962a562ad053a41a53a27755021b48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b6b592275aeff184aa82fcf6abccd833fb71b393","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c91bbd6193c70a02c50c22e0fb1f60c3c5bd053a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46170","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.650","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: ADD_ADDR rtx: free sk if last\n\nWhen an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(),\nand released at the end.\n\nIf at that moment, it was the last reference being held, the sk would\nnot be freed. sock_put() should then be called instead of __sock_put().\n\nBut that's not enough: if it is the last reference, sock_put() will call\nsk_free(), which will end up calling sk_stop_timer_sync() on the same\ntimer, and waiting indefinitely to finish. So it is needed to mark that\nthe timer is done at the end of the timer handler when it has not been\nrescheduled, not to call sk_stop_timer_sync() on \"itself\"."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/8143a224785ceaf2b0856e08d4498916f38228fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b74ad20198652b6b39a761c277ba65ae82b1e107","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b7b9a461569734d33d3259d58d2507adfac107ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46171","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.740","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: kvm: fix vector context allocation leak\n\nWhen the second kzalloc (host_context.vector.datap) fails in\nkvm_riscv_vcpu_alloc_vector_context, the first allocation\n(guest_context.vector.datap) is leaked. Free it before returning."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1d57ab45ec5c0e22789de793bcf2a31ad6fb7d98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bd62c0f61bc722a097417401030c596cea8e21aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46172","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:32.830","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: xfrm6: release dst on error in xfrm6_rcv_encap()\n\nxfrm6_rcv_encap() performs an IPv6 route lookup when the skb does not\nalready have a dst attached. ip6_route_input_lookup() returns a\nreferenced dst entry even when the lookup resolves to an error route.\n\nIf dst->error is set, xfrm6_rcv_encap() drops the skb without attaching\nthe dst to the skb and without releasing the reference returned by the\nlookup. Repeated packets hitting this path therefore leak dst entries.\n\nRelease the dst before jumping to the drop path."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/554c9b090c8ac5b1c5c507f4badf8d5d0c9c6e13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6a5eec0a2a0e99ec9743cf8f1c4082178811d90a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9d5047782f9bd2829e529df69209bf3232eb561f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bc0fcb9823cd0894934cf968b525c575833d7078","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c2efc4956981066df2fef1cc77391b523db6d8e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46179","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:33.540","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Don't allow pointer operations on unconfigured streams\n\nWhen reporting the pointer for a compressed stream we report the current\nI/O frame position by dividing the position by the number of channels\nmultiplied by the number of container bytes. These values default to 0 and\nare only configured as part of setting the stream parameters so this allows\na divide by zero to be configured. Validate that they are non zero,\nreturning an error if not"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0f0c0c1397a42aacaacae828206ee1b921623952","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/327a64241f30c74b6f35537eb9e1fc6c3cbe060b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4f42dd01f5217465f23a763e27b3984e114d0972","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/98ed1383f597f8a45b6cb816bb20b96d46eeceda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c5b6285aae050ff1c3ea824ca3d88ac4be1e69c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46180","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:33.643","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task\n\nWatchdog task might end between send_sig() and kthread_stop() calls, what\nresults in the use-after-free issue. Fix this by increasing watchdog task\nreference count before calling send_sig() and dropping it by switching to\nkthread_stop_put()."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/658d2e46c2e9a8eb9b80c5e803ce3c89885b3366","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/908b92231e1ded53e43fcfad5e0704d83e1b803c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c623b63580880cc742255eaed3d79804c1b91143","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d16827cb1d3936f7627d0da6044483f743ebde03","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ed4168d1a50fef5be8eca947fbbf05a28507d265","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46182","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:33.837","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Prevent kernel stack memory leak to userspace\n\nThe hdr variable is allocated on the stack and only hdr.version and\nhdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr\ncontains reserved padding bytes (reserved[3] and reserved2[40]), these\ncould leak the uninitialized bytes to userspace after copy_to_user().\n\nThis patch fixes that by initializing the whole struct to 0."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0479b6e9f999cc1cbad7d9f09f574fc387e605d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cefeed44296261173a806bef988b26bc565da4be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f88f8e4485b437e0a2f96a7ff1f88aa22d925659","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46183","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:33.933","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock\n\ndamon_sysfs_quot_goal->path can be read and written by users, via DAMON\nsysfs 'path' file.  It can also be indirectly read, for the parameters\n{on,off}line committing to DAMON.  The reads for parameters committing are\nprotected by damon_sysfs_lock to avoid the sysfs files being destroyed\nwhile any of the parameters are being read.  But the user-driven direct\nreads and writes are not protected by any lock, while the write is\ndeallocating the path-pointing buffer.  As a result, the readers could\nread the already freed buffer (user-after-free).  Note that the user-reads\ndon't race when the same open file is used by the writer, due to kernfs's\nopen file locking.  Nonetheless, doing the reads and writes with separate\nopen files would be common.  Fix it by protecting both the user-direct\nreads and writes with damon_sysfs_lock."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/a34ca3e33da4b924c66bcca3729bf68ec5936910","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf3b71421ca00807328c6d9cd242f9de3b77a4bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46184","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.023","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsound: ua101: fix division by zero at probe\n\nAdd a missing sanity check for bNrChannels in detect_usb_format()\nto prevent a division by zero in playback_urb_complete() and\ncapture_urb_complete().\n\nUSB core does not validate class-specific descriptor fields such\nas bNrChannels, so drivers must verify them before use. If a\ndevice provides bNrChannels = 0, frame_bytes becomes zero and is\nlater used as a divisor in the URB completion handlers, leading\nto a kernel crash."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0ff2b713f406e9ecadb406014d74e7a020ac12b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/593dd7e6c890d8e4ca21b3e2f796b7cb8e8da983","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6162e8212e88c39492d981b248b5e37002486c66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d1f73f169c1014463b5060e3f60813e13ddc7b87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f1862dbf09080254c52175a448290c784dd7d3de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46186","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.223","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: virtio_bt: validate rx pkt_type header length\n\nvirtbt_rx_handle() reads the leading pkt_type byte from the RX skb\nand forwards the remainder to hci_recv_frame() for every\nevent/ACL/SCO/ISO type, without checking that the remaining payload\nis at least the fixed HCI header for that type.\n\nAfter the preceding patch bounds the backend-supplied used.len to\n[1, VIRTBT_RX_BUF_SIZE], a one-byte completion still reaches\nhci_recv_frame() with skb->len already pulled to 0. If the byte\nhappened to be HCI_ACLDATA_PKT, the ACL-vs-ISO classification\nfast-path in hci_dev_classify_pkt_type() dereferences\nhci_acl_hdr(skb)->handle whenever the HCI device has an active\nCIS_LINK, BIS_LINK, or PA_LINK connection, reading two bytes of\nuninitialized RX-buffer data. The same hazard exists for every\npacket type the driver accepts because none of the switch cases in\nvirtbt_rx_handle() check skb->len against the per-type minimum HCI\nheader size before handing the frame to the core.\n\nAfter stripping pkt_type, require skb->len to cover the fixed\nheader size for the selected type (event 2, ACL 4, SCO 3, ISO 4)\nbefore calling hci_recv_frame(); drop ratelimited otherwise.\nUnknown pkt_type values still take the original kfree_skb() default\npath.\n\nUse bt_dev_err_ratelimited() because both the length and pkt_type\nvalues come from an untrusted backend that can otherwise flood the\nkernel log."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1e1e509b6fd2a42421745bbcd98bd16daad20904","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2c1143564c71e7497b42d8360a8379ccbb011d3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3485c7236c59c8c34a41af1c4b52982437554e79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/daf23014e5d975e72ea9c02b5160d3fcf070ea47","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f743eab6486965f276c7e3f1700895f014fdc6db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46187","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.333","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: fix kthread lifetime race between self-exit and external-stop\n\nRSI driver use both self-exit(kthread_complete_and_exit) and external-stop\n(kthread_stop) when killing a kthread. Generally, kthread_stop() is called\nfirst, and in this case, no particular issues occur.\n\nHowever, in rare instances where kthread_complete_and_exit() is called\nfirst and then kthread_stop() is called, a UAF occurs because the kthread\nobject, which has already exited and been freed, is accessed again.\n\nTherefore, to prevent this with minimal modification, you must remove\nkthread_stop() and change the code to wait until the self-exit operation\nis completed."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/16d9f674c619838bdeae42abc0929c9c5477ea1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4f9a4ae8d2c198f01611ea376034c326ef43ab56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/95fcb436586dc3c2983537d557ac05bbc6a027f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/db57a1aa54ff68669781976e4edb045e09e2b65b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46188","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.440","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep_vf: add NULL check for napi_build_skb()\n\nnapi_build_skb() can return NULL on allocation failure. In\n__octep_vf_oq_process_rx(), the result is used directly without a NULL\ncheck in both the single-buffer and multi-fragment paths, leading to a\nNULL pointer dereference.\n\nAdd NULL checks after both napi_build_skb() calls, properly advancing\ndescriptors and consuming remaining fragments on failure."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/60246cdd4c515ea7d920cddf48932efcb990773e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6fef6640bbf360e254cc0174365ed30ce3a07572","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b0f4711b426a06fb4c4be85c36b9f5588d5140d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dd66b42854705e4e4ee7f14d260f86c578bed3e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46189","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.540","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path\n\nSashiko points out that pvrdma_uar_free() is already called within\npvrdma_dealloc_ucontext(), so calling it before triggers a double free."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46191","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.740","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Avoid OOB font access if console rotation fails\n\nClear the font buffer if the reallocation during console rotation fails\nin fbcon_rotate_font(). The putcs implementations for the rotated buffer\nwill return early in this case. See [1] for an example.\n\nCurrently, fbcon_rotate_font() keeps the old buffer, which is too small\nfor the rotated font. Printing to the rotated console with a high-enough\ncharacter code will overflow the font buffer.\n\nv2:\n- fix typos in commit message"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/594973a2e54924d8ba31c9faac669fc1ba6fcb80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7105d9f1387d63b15c9a860674fc92c959181f2f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ab6c34b9829d5de03f1d08a47a2253729a6e7e27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b44cc78ff46b96e72d333a3be6aaaa0a14797263","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e4ef723d8975a2694cc90733a6b888a5e2841842","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46192","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.837","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations\n\nThe core will deal with reads by creating clock cycles itself, there's\nno need to generate clock cycles by transmitting garbage data at the\ndriver level. Further, transmitting garbage data just bricks the transfer\nsince QSPI doesn't have a dedicated master-out line like MOSI in regular\nSPI. I'm not entirely sure if the transfer is bricked because of the\ngarbage data being transmitted on the bus or because the core loses\ntrack of whether it is supposed to be sending or receiving data."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/67184f361ab4d9fac6d2b8d5fed6649d496038a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eb56deaabf127e8985fc91fa6c97bf8a3b062844","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ec9d0ddbde6003c303fa5e1d5cd48952852984d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46193","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.923","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: ah: account for ESN high bits in async callbacks\n\nAH allocates its temporary auth/ICV layout differently when ESN is enabled:\nthe async ahash setup appends a 4-byte seqhi slot before the ICV or\nauth_data area, but the async completion callbacks still reconstruct the\ntemporary layout as if seqhi were absent.\n\nWith an async AH implementation selected, that makes AH copy or compare\nthe wrong bytes on both the IPv4 and IPv6 paths. In UML repro on IPv4 AH\nwith ESN and forced async hmac(sha1), ping fails with 100% packet loss,\nand the callback logs show the pre-fix drift:\n\n  ah4 output_done: esn=1 err=0 icv_off=20 expected_off=24\n  ah4 input_done: esn=1 auth_off=20 expected_auth_off=24 icv_off=32 expected_icv_off=36\n\nReconstruct the callback-side layout the same way the setup path built it\nby skipping the ESN seqhi slot before locating the saved auth_data or ICV.\nPer RFC 4302, the ESN high-order 32 bits participate in the AH ICV\ncomputation, so the async callbacks must account for the seqhi slot.\n\nPost-fix, the same IPv4 AH+ESN+forced-async-hmac(sha1) UML repro shows\nthe corrected offset (ah4 output_done: esn=1 err=0 icv_off=24\nexpected_off=24) and ping succeeds; net/ipv4/ah4.o and net/ipv6/ah6.o\nbuild clean at W=1. IPv6 AH+ESN was not exercised at runtime, and the\nchange has not been tested against a real async hardware AH engine."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0555d4f526232b3c9e3afbcd490c0c0793aefec6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2ffaa7a94f9a4d22724364a1821735a0231d9f8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/729899a2aa8bda7844be0cdcd3b470f11b912eda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7db99a09b3bc87268287bc7ab5f2e7f382b5ad87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ec54093e6a8f87e800bb6aa15eb7fc1e33faa524","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46194","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:35.033","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix node_cnt race between extent node destroy and writeback\n\nf2fs_destroy_extent_node() does not set FI_NO_EXTENT before clearing\nextent nodes. When called from f2fs_drop_inode() with I_SYNC set,\nconcurrent kworker writeback can insert new extent nodes into the same\nextent tree, racing with the destroy and triggering f2fs_bug_on() in\n__destroy_extent_node(). The scenario is as follows:\n\ndrop inode                            writeback\n - iput\n  - f2fs_drop_inode  // I_SYNC set\n   - f2fs_destroy_extent_node\n    - __destroy_extent_node\n     - while (node_cnt) {\n        write_lock(&et->lock)\n        __free_extent_tree\n        write_unlock(&et->lock)\n                                       - __writeback_single_inode\n                                        - f2fs_outplace_write_data\n                                         - f2fs_update_read_extent_cache\n                                          - __update_extent_tree_range\n                                           // FI_NO_EXTENT not set,\n                                           // insert new extent node\n       } // node_cnt == 0, exit while\n     - f2fs_bug_on(node_cnt)  // node_cnt > 0\n\nAdditionally, __update_extent_tree_range() only checks FI_NO_EXTENT for\nEX_READ type, leaving EX_BLOCK_AGE updates completely unprotected.\n\nThis patch set FI_NO_EXTENT under et->lock in __destroy_extent_node(),\nconsistent with other callers (__update_extent_tree_range and\n__drop_extent_tree) and check FI_NO_EXTENT for both EX_READ and\nEX_BLOCK_AGE tree."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0559a0e962aacbb47519e26ee663be04b72dcb92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/42dd1c91f993431d0b399502479d00e6ad1bca71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ab1eaf9d5c99042f5b0243bf67a06283a4c0757f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b0e4395870eb3441ddc959f6710b5f6ca61aff26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ed78aeebef05212ef7dca93bd931e4eff67c113f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46196","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:35.253","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()\n\nWhen a tracepoint goes through the 0 -> 1 transition, tracepoint_add_func()\ninvokes the subsystem's ext->regfunc() before attempting to install the\nnew probe via func_add(). If func_add() then fails (for example, when\nallocate_probes() cannot allocate a new probe array under memory pressure\nand returns -ENOMEM), the function returns the error without calling the\nmatching ext->unregfunc(), leaving the side effects of regfunc() behind\nwith no installed probe to justify them.\n\nFor syscall tracepoints this is particularly unpleasant: syscall_regfunc()\nbumps sys_tracepoint_refcount and sets SYSCALL_TRACEPOINT on every task.\nAfter a leaked failure, the refcount is stuck at a non-zero value with no\nconsumer, and every task continues paying the syscall trace entry/exit\noverhead until reboot. Other subsystems providing regfunc()/unregfunc()\npairs exhibit similarly scoped persistent state.\n\nMirror the existing 1 -> 0 cleanup and call ext->unregfunc() in the\nfunc_add() error path, gated on the same condition used there so the\nunwind is symmetric with the registration."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/247ed8a969f981bfba3112fd4bb441eaa6cef59c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2c5b8eeea006eb694c81631cd5713d494b80be90","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/342829e042ac00f3d68d442ea92873fb6683f494","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7bcadb3c2bc1cf60690e931aadd35fb7bd646a49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fad217e16fded7f3c09f8637b0f6a224d58b5f2e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46200","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:35.677","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mpc52xx: fix controller deregistration\n\nMake sure to deregister the controller before disabling and releasing\nunderlying resources like interrupts and gpios during driver unbind."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0f997fdae819a8c2cc83bd4ff7d935ad76c727c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/28f28a0f4e327f792c230493a0ea00389ff68ff5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7fea80d93bfd34051b2ac1cec07766c87d8d28be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a3669f678d0ee8b686d3eea4c0ed9817c9374945","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46202","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:35.860","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appletb-kbd: run inactivity autodim from workqueues\n\nThe autodim code in hid-appletb-kbd takes backlight_device->ops_lock\nvia backlight_device_set_brightness() -> mutex_lock() from two\ndifferent atomic contexts:\n\n * appletb_inactivity_timer() is a struct timer_list callback, so it\n   runs in softirq context.  Every expiry triggers\n\n     BUG: sleeping function called from invalid context at kernel/locking/mutex.c:591\n     Call Trace:\n      <IRQ>\n      __might_resched\n      __mutex_lock\n      backlight_device_set_brightness\n      appletb_inactivity_timer\n      call_timer_fn\n      run_timer_softirq\n\n * reset_inactivity_timer() is called from appletb_kbd_hid_event() and\n   appletb_kbd_inp_event().  On real USB hardware these run in\n   softirq/IRQ context (URB completion and input-event dispatch).\n   When the Touch Bar has already been dimmed or turned off, the\n   reset path calls backlight_device_set_brightness() directly to\n   restore brightness, producing the same warning.\n\nBoth call sites hit the same mutex_lock()-from-atomic bug.  Fix them\ntogether by moving the blocking work onto the system workqueue:\n\n * Convert the inactivity timer from struct timer_list to\n   struct delayed_work; the callback (appletb_inactivity_work) now\n   runs in process context where mutex_lock() is legal.\n * Add a dedicated struct work_struct restore_brightness_work and have\n   reset_inactivity_timer() schedule it instead of calling\n   backlight_device_set_brightness() directly.\n\nCancel both works synchronously during driver tear-down alongside the\nexisting backlight reference drop.\n\nThe semantics are unchanged (same delays, same state transitions on\ndim, turn-off and user activity); only the execution context of the\nsleeping call changes.  The timer field and callback are renamed to\nmatch their new type; reset_inactivity_timer() keeps its name because\nit is invoked from input event paths that read naturally as \"reset\nthe inactivity timer\"."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1654e53349d4e657b331de354313461f401f5063","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2473a334c292af257ef68e33bc7760f4a8251812","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5c0830323689ef15224f0025276176988861b3b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46203","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:35.960","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: fix unclocked access on unbind\n\nMake sure that the controller is runtime resumed before disabling it\nduring driver unbind to avoid an unclocked register access.\n\nThis issue was flagged by Sashiko when reviewing a controller\nderegistration fix."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/233db2cb14db8b1935dda52a6affd97276462b82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d67a5311818b3e6481a1e4293c9337ebfee73111","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46207","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:36.340","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix empty payload in tap skb for non-linear buffers\n\nFor non-linear skbs, virtio_transport_build_skb() goes through\nvirtio_transport_copy_nonlinear_skb() to copy the original payload\nin the new skb to be delivered to the vsockmon tap device.\nThis manually initializes an iov_iter but does not set iov_iter.count.\nSince the iov_iter is zero-initialized, the copy length is zero and no\npayload is actually copied to the monitor interface, leaving data\nun-initialized.\n\nFix this by removing the linear vs non-linear split and using\nskb_copy_datagram_iter() with iov_iter_kvec() for all cases, as\nvhost-vsock already does. This handles both linear and non-linear skbs,\nproperly initializes the iov_iter, and removes the now unused\nvirtio_transport_copy_nonlinear_skb().\n\nWhile touching this code, let's also check the return value of\nskb_copy_datagram_iter(), even though it's unlikely to fail."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/06747f52ab157591cec7e5623a759473b66ef6f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/378b131a25bd1a5ee27ca199fe486c299d5350c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3a3e3d90cbc79600544536723911657730759af3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/52da6a74ca3de0fcda60301096b71534b3b18641","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46211","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:36.760","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata()\n\nmsm_ioctl_gem_info_get_metadata() always returns 0 regardless of\nerrors. When copy_to_user() fails or the user buffer is too small,\nthe error code stored in ret is ignored because the function\nunconditionally returns 0. This causes userspace to believe the\nioctl succeeded when it did not.\n\nAdditionally, kmemdup() can return NULL on allocation failure, but\nthe return value is not checked. This leads to a NULL pointer\ndereference in the subsequent copy_to_user() call.\n\nAdd the missing NULL check for kmemdup() and return ret instead of 0.\n\nNote that the SET counterpart (msm_ioctl_gem_info_set_metadata)\ncorrectly returns ret.\n\nPatchwork: https://patchwork.freedesktop.org/patch/714478/"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/47cbfe2608314b833ad61a65827d8fb363bc2d2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/697e1a9559f6962f999cc4c748c2ffffcc0a7a7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b079e85c91f446f29e808d8291189e897f1884ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c57c861956b89f2e2528e6384d51e2dedd915809","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46213","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:36.947","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appletb-kbd: fix UAF in inactivity-timer cleanup path\n\nCommit 38224c472a03 (\"HID: appletb-kbd: fix slab use-after-free bug in\nappletb_kbd_probe\") added timer_delete_sync(&kbd->inactivity_timer) to\nboth the probe close_hw error path and appletb_kbd_remove(), but the\nway it was wired in left the inactivity timer reachable during driver\ntear-down via two distinct windows.\n\nWindow A -- put_device() before timer_delete_sync():\n\n\tput_device(&kbd->backlight_dev->dev);\n\ttimer_delete_sync(&kbd->inactivity_timer);\n\nThe inactivity_timer softirq reads kbd->backlight_dev and calls\nbacklight_device_set_brightness() -> mutex_lock(&ops_lock).  If a\nconcurrent hid_appletb_bl unbind drops the last devm reference\nbetween these two calls, the backlight_device is freed and the\nmutex_lock() touches freed memory.\n\nWindow B -- backlight cleanup before hid_hw_stop():\n\n\tif (kbd->backlight_dev) {\n\t\ttimer_delete_sync(...);\n\t\tput_device(...);\n\t}\n\thid_hw_close(hdev);\n\thid_hw_stop(hdev);\n\nEven after Window A is closed, hid_hw_close()/hid_hw_stop() still run\nafterwards, so a late \".event\" callback from the HID core (USB URB\ncompletion on real Apple hardware) can arrive after\ntimer_delete_sync() drained the softirq but before put_device() drops\nthe reference.  That callback reaches reset_inactivity_timer(), which\ncalls mod_timer() and re-arms the timer.  The freshly re-armed timer\ncan then fire on the about-to-be-freed backlight_device.\n\nBoth windows produce the same KASAN slab-use-after-free:\n\n  BUG: KASAN: slab-use-after-free in __mutex_lock+0x1aab/0x21c0\n  Read of size 8 at addr ffff88803ee9a108 by task swapper/0/0\n  Call Trace:\n   <IRQ>\n   __mutex_lock\n   backlight_device_set_brightness\n   appletb_inactivity_timer\n   call_timer_fn\n   run_timer_softirq\n   handle_softirqs\n  Allocated by task N:\n   devm_backlight_device_register\n   appletb_bl_probe\n  Freed by task M:\n   (concurrent hid_appletb_bl unbind path)\n\nClose both windows at once by reworking the tear-down in\nappletb_kbd_remove() and in the probe close_hw error path so that\n\n 1) hid_hw_close()/hid_hw_stop() run before the backlight cleanup,\n    guaranteeing no further .event callback can fire and re-arm the\n    timer, and\n 2) inside the \"if (kbd->backlight_dev)\" block, timer_delete_sync()\n    runs before put_device(), so the softirq is drained before the\n    final reference is dropped."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4db2af929279c799b5653a39eb0795c72baffca4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/59a79938ca5541fe55d675304116b7ea684afef0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/93d989e47bc316c793a69c6a332e053c90e29f02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46214","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.050","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix accept queue count leak on transport mismatch\n\nvirtio_transport_recv_listen() calls sk_acceptq_added() before\nvsock_assign_transport(). If vsock_assign_transport() fails or\nselects a different transport, the error path returns without\ncalling sk_acceptq_removed(), permanently incrementing\nsk_ack_backlog.\n\nAfter approximately backlog+1 such failures, sk_acceptq_is_full()\nreturns true, causing the listener to reject all new connections.\n\nFix by moving sk_acceptq_added() to after the transport validation,\nmatching the pattern used by vmci_transport and hyperv_transport."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46216","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.237","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status()\n\nWhen media GT is disabled via configfs, there is no allocation for\nmedia_gt, which is kept as NULL.  In such scenario,\nintel_hdcp_gsc_check_status() results in a kernel pagefault error due to\n&gt->uc.gsc being evaluated as an invalid memory address.\n\nFix that by introducing a NULL check on media_gt and bailing out early\nif so.\n\nWhile at it, also drop the NULL check for gsc, since it can't be NULL if\nmedia_gt is not NULL.\n\nv2:\n  - Get address for gsc only after checking that gt is not NULL.\n    (Shuicheng)\n  - Drop the NULL check for gsc. (Shuicheng)\nv3:\n  - Add \"Fixes\" and \"Cc: <stable...>\" tags. (Matt)\n\n(cherry picked from commit bfaf87e84ca3ca3f6e275f9ae56da47a8b55ffd1)"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/60a1e131a811b68703da58fd805ab359b704ab03","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d8ab4b47edf4578dbfbe5e95817107a514fa34cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46217","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.330","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn4: Avoid overflow on msg bound check\n\nAs pointed out by SDL, the previous condition may be vulnerable to\noverflow.\n\n(cherry picked from commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885)"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/271cd5429513ff9b364a9bf8903e5b65b687eb25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/30d12ee310a6024ff4c7b9eafdbbeab2db450d4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5bb5faff4837b1d98fd655cf8bd7b5d4da0fc4dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/65bce27ea6192320448c30267ffc17ffa094e713","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/73043d296787bf187d89ffb5c5dcf5bdc3db7885","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46219","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.530","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mpc52xx: fix use-after-free on unbind\n\nThe state machine work is scheduled by the interrupt handler and\ntherefore needs to be cancelled after disabling interrupts to avoid a\npotential use-after-free."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6c3e413919a12627d04a31a4a5fccb9fc129bb02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/706b3dc2ac7a998c55e14b3fd2e8f934c367e6e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bb6b50f709c5a01906ff72a07fdc070bb3357188","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bbcd6dd8e9f264440eaf6167382bf404911c1c46","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ee52da0dd83ebcd89ecbbe2660c57b15a25489f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46220","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.640","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission\n\nsdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions\nthat verify fence writeback addresses are dword-aligned.  These\nassertions can be reached from unprivileged userspace via crafted\nDRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a\nscheduler worker thread.\n\nReplace both BUG_ON() calls with WARN_ON() to log the condition without\ncrashing the kernel.  A misaligned fence address at this point indicates\na driver bug, but crashing the kernel is never the correct response when\nthe assertion is reachable from userspace.\n\nThe CS IOCTL path is the correct place to filter invalid submissions;\nthe ring emission callback is too late to do anything about it.\n\n(cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0b91ea46bb68abf98a082bf239092253bbd6aaa2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4f7ca00fa91daf0795ec6b3b130c5ebba1f155fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/78d2e624fa073c14970aa097adcf3ea31c157a66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a4fd82fb0757c180bf622907397c528b89a827b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d331fb241a4602253976ddd65144a8ba2b05665d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46221","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.737","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/versalnet: Fix device name memory leak\n\nThe device name allocated via kzalloc() in init_one_mc() is assigned to\ndev->init_name but never freed on the normal removal path.  device_register()\ncopies init_name and then sets dev->init_name to NULL, so the name pointer\nbecomes unreachable from the device. Thus leaking memory.\n\nUse a stack-local char array instead of using kzalloc() for name."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/24d2912962d087ebff7c4984f8ac34a5f23c8dbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8cf5dd235eff6008cb04c3d8064d2acfa90616f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b16033c8774f5fb4c0cb9b445a1dfc68f499ae6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46222","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.823","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rockchip: rkcif: Add missing MUST_CONNECT flag to pads\n\nThe pads missed checks for connected devices which may a null dereference\nwhen the stream is enabled.\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000020\npc : rkcif_interface_enable_streams+0x48/0xf0\nlr : rkcif_interface_enable_streams+0x44/0xf0\nCall trace:\n rkcif_interface_enable_streams+0x48/0xf0\n v4l2_subdev_enable_streams+0x26c/0x3f0\n rkcif_stream_start_streaming+0x140/0x278\n vb2_start_streaming+0x74/0x188\n vb2_core_streamon+0xe0/0x1d8\n vb2_ioctl_streamon+0x60/0xa8\n v4l_streamon+0x2c/0x40\n __video_do_ioctl+0x34c/0x400\n video_usercopy+0x2d0/0x800\n video_ioctl2+0x20/0x60\n v4l2_ioctl+0x48/0x78"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/318142640590342bfec7aa06d0bdcd0ddbf953d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8e3c751259dc2d1325838eff26f41032523c7b57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46223","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:37.913","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulated\n\nA chain of commits going back to v7.0 reworked rmdir to satisfy the\ncontroller invariant that a subsystem's ->css_offline() must not run while\ntasks are still doing kernel-side work in the cgroup.\n\n[1] d245698d727a (\"cgroup: Defer task cgroup unlink until after the task is done switching out\")\n[2] a72f73c4dd9b (\"cgroup: Don't expose dead tasks in cgroup\")\n[3] 1b164b876c36 (\"cgroup: Wait for dying tasks to leave on rmdir\")\n[4] 4c56a8ac6869 (\"cgroup: Fix cgroup_drain_dying() testing the wrong condition\")\n[5] 13e786b64bd3 (\"cgroup: Increment nr_dying_subsys_* from rmdir context\")\n\n[1] moved task cset unlink from do_exit() to finish_task_switch() so a\ntask's cset link drops only after the task has fully stopped scheduling.\nThat made tasks past exit_signals() linger on cset->tasks until their final\ncontext switch, which led to a series of problems as what userspace expected\nto see after rmdir diverged from what the kernel needs to wait for. [2]-[5]\ntried to bridge that divergence: [2] filtered the exiting tasks from\ncgroup.procs; [3] had rmdir(2) sleep in TASK_UNINTERRUPTIBLE for them; [4]\nfixed the wait's condition; [5] made nr_dying_subsys_* visible\nsynchronously.\n\nThe cgroup_drain_dying() wait in [3] turned out to be a dead end. When the\nrmdir caller is also the reaper of a zombie that pins a pidns teardown (e.g.\nhost PID 1 systemd reaping orphan pids that were re-parented to it during\nthe same teardown), rmdir blocks in TASK_UNINTERRUPTIBLE waiting for those\npids to free, the pids can't free because PID 1 is the reaper and it's stuck\nin rmdir, and the system A-A deadlocks. No internal lock ordering breaks\nthis; the wait itself is the bug.\n\nThe css killing side that drove the original reorder, however, can be made\ncleanly asynchronous: ->css_offline() is already async, run from\ncss_killed_work_fn() driven by percpu_ref_kill_and_confirm(). The fix is to\nmake that chain start only after all tasks have left the cgroup. rmdir's\nuser-visible side then returns as soon as cgroup.procs and friends are\nempty, while ->css_offline() still runs only after the cgroup is fully\ndrained.\n\nVerified by the original reproducer (pidns teardown + zombie reaper, runs\nunder vng) which hangs vanilla and succeeds here, and by per-commit\ndeterministic repros for [2], [3], [4], [5] with a boot parameter that\nwidens the post-exit_signals() window so each state is reliably reachable.\nSome stress tests on top of that.\n\ncgroup_apply_control_disable() has the same shape of pre-existing race:\nwhen a controller is disabled via subtree_control, kill_css() ran\nsynchronously while tasks past exit_signals() could still be linked to\nthe cgroup's csets, and ->css_offline() could fire before they drained.\nThis patch preserves the existing synchronous behavior at that call site\n(kill_css_sync() + kill_css_finish() back-to-back) and a follow-up patch\nwill defer kill_css_finish() there using a per-css trigger.\n\nThis seems like the right approach and I don't see problems with it. The\nchanges are somewhat invasive but not excessively so, so backporting to\n-stable should be okay. If something does turn out to be wrong, the fallback\nis to revert the entire chain ([1]-[5]) and rework in the development branch\ninstead.\n\nv2: Pin cgrp across the deferred destroy work with explicit\n    cgroup_get()/cgroup_put() around queue_work() and the work_fn. v1\n    wasn't actually broken (ordered cgroup_offline_wq + queue_work order\n    in cgroup_task_dead() saved it) but the explicit ref removes the\n    dependency on those non-obvious invariants. Also note the\n    pre-existing cgroup_apply_control_disable() race in the description;\n    a follow-up will defer kill_css_finish() there."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/33fa2e6b1507a0a377a151a8826438bedad1d0b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/93618edf753838a727dbff63c7c291dee22d656b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46224","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.037","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure\n\nWhen drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo\nis not freed. Add xe_bo_free(storage) before returning the error.\n\nxe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on\nerror. Therefore, xe_dma_buf_init_obj() must also free the bo on its own\nerror paths. Otherwise, since xe_gem_prime_import() cannot distinguish\nwhether the failure originated from xe_dma_buf_init_obj() or from\nxe_bo_init_locked(), it cannot safely decide whether the bo should be\nfreed.\n\nAdd comments documenting the ownership semantics: on success, ownership\nof storage is transferred to the returned drm_gem_object; on failure,\nstorage is freed before returning.\n\nv2: Add comments to explain the free logic.\n\n(cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/8fa8c2a22585fcb31dc605b91a67bbcca223fdd7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/93a528f67ce5095bcab46a69839eca97f43dd352","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f9ad21b90162baf1d78f8036ff3813c3ec1ac88e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46225","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.130","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rspi: fix controller deregistration\n\nMake sure to deregister the controller before releasing underlying\nresources like DMA during driver unbind."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/77defd64b405b680db73d767313fce770d368368","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9944fa6726afb1e6eb7e2212764e7da0c97f2dcc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/aee76c1dd189562c6678313caec12761f78a9ef3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c5090db1b31de3ef4db0cda7e822ab49cb572292","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fee6abd9845c3edd217b0e429d09f764f9a5690e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46226","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.227","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl: fix controller deregistration\n\nMake sure to deregister the controller before releasing underlying\nresources like DMA during driver unbind."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/562d954a144950ec2aa6a874ae657cb3fa31fe53","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5750743a39c9d46ac9fcf57ffe000956da4942cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9b7abfed4c3754062d1f3ffd452e65a38667f586","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ca3195c7b88362d7c81efe685948663a9f9db0e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e888308222375ac28bae69134dae288178718a96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46228","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.433","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: ch341: fix devres lifetime\n\nUSB drivers bind to USB interfaces and any device managed resources\nshould have their lifetime tied to the interface rather than parent USB\ndevice. This avoids issues like memory leaks when drivers are unbound\nwithout their devices being physically disconnected (e.g. on probe\ndeferral or configuration changes).\n\nFix the controller and driver data lifetime so that they are released\non driver unbind.\n\nNote that this also makes sure that the SPI controller is placed\ncorrectly under the USB interface in the device tree."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/108a64b27a52f781c4f3751641e3dd65c7dd2fb5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4422fc2411cbbdf5104a914e0596bb483faea254","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/abe572f630bc1f0e77041012ab075869036ede4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46229","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.520","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Clear VRAM on allocation to prevent stale data exposure\n\nKFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE\nbut not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated\nVRAM with stale data from prior use observable by compute kernels.\n\nThe GEM ioctl path already sets VRAM_CLEARED for all userspace\nallocations via amdgpu_gem_create_ioctl() and\namdgpu_mode_dumb_create(). The KFD path was missing this flag,\nallowing stale page table remnants to leak into user buffers.\n\nThis causes crashes in RCCL P2P transport where non-zero data in\nptrExchange/head/tail fields corrupts the protocol handshake."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/77d0b5d11387071770246fd0185a69fa28e8e109","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ad52d61d82181dbdb7f05826de38352d5e550cc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46231","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.743","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bla: put backbone reference on failed claim hash insert\n\nWhen batadv_bla_add_claim() fails to insert a new claim into the hash, it\nleaked a reference to the backbone_gw for which the claim was intended.\nCall batadv_backbone_gw_put() on the error path to release the reference\nand avoid leaking the backbone_gw object."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46233","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:38.943","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bla: only purge non-released claims\n\nWhen batadv_bla_purge_claims() goes through the list of claims, it is only\ntraversing the hash list with an rcu_read_lock(). Due to a potential\nparallel batadv_claim_put(), it can happen that it encounters a claim which\nwas actually in the process of being released+freed by\nbatadv_claim_release(). In this case, backbone_gw is set to NULL before the\ndelayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is\nthen no longer allowed because it would cause a NULL-ptr derefence.\n\nTo avoid this, only claims with a valid reference counter must be purged.\nAll others are already taken care of."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7b8fbcee3184d848b5aee085ca16d0cf05c9b641","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b65365d2b1e6095c538d49baeb140dd1c166c1b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf6b604011591865ae39ac82de8978c1120d17af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46234","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:39.043","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix buffer size clamping order\n\nIn vsock_update_buffer_size(), the buffer size was being clamped to the\nmaximum first, and then to the minimum. If a user sets a minimum buffer\nsize larger than the maximum, the minimum check overrides the maximum\ncheck, inverting the constraint.\n\nThis breaks the intended socket memory boundaries by allowing the\nvsk->buffer_size to grow beyond the configured vsk->buffer_max_size.\n\nFix this by checking the minimum first, and then the maximum. This\nensures the buffer size never exceeds the buffer_max_size."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0b68881501460c3761f196469e1e503218c5e536","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2602f7bb5818e92315feeaeb71d8ce4d5c9ab160","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/310da27932dd0afe7ce7456dfe1f0814c3301f41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a998a7e250bf976539e05a00ec64a81292afecaa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d114bfdc9b76bf93b881e195b7ec957c14227bab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46235","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:39.143","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: saa7164: add ioremap return checks and cleanups\n\nAdd checks for ioremap return values in saa7164_dev_setup(). If\nioremap for BAR0 or BAR2 fails, release the already allocated PCI\nmemory regions, remove the device from the global list, decrement\nthe device count, and return -ENODEV.\n\nThis prevents potential null pointer dereferences and ensures proper\ncleanup on memory mapping failures."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3ce8f3057c51bb0a66aa3fab0862be74e9f88684","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6047dc542fa404b5c187cc2c7906aaaaec6d11ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6c22a6d8e4c1507bba504aeebe80476144a373eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a9b83f46e52cf1239d780920d1a7a3e415f7b5d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d51c60a498e83c9a79884c8e420f97e3885c9583","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46236","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:39.240","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: xbox_remote: heed DMA restrictions\n\nThe buffer for IO must not be part of the device structure\nbecause that violates the DMA coherency rules."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0bd8ac88ec5f74cd0f4b8cfc54f4cc0827007249","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/0cc9251833bf02c8c7863404157c94dab5928fcf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/48a668c22e8f92637bc496e84d1cf06900f74a5c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/63a960b39de9c51f29ca19aa5067934f865c0bc7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e280d1e5e3f2595bbb43fe6e1bce00c59a43c0ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46239","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:39.527","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl\n\nThree control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly\nreturn without calling pm_runtime_put(), causing runtime PM reference\ncount leaks.\n\nChange these cases from 'return' to 'ret = ... break' pattern to ensure\npm_runtime_put() is always called before function exit."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6b03ecf75bda5900b8e661eb75656f631b598bc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f11ae9c04f8368a3b5a0280ef595198dace1c983","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-46241","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:39.710","lastModified":"2026-05-28T13:44:01.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mpc52xx: fix use-after-free on registration failure\n\nMake sure to disable and free the interrupts in case controller\nregistration fails to avoid a potential use-after-free and resource\nleak.\n\nThis issue was flagged by Sashiko when reviewing a controller\nderegistration fix."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/336d9ad7560b3baba17af06727a888040ee93390","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5c77f11b9b5f1ad5a704dad875260c44016ede10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8b49b6aadd0c622ca7d68b4a53ae10362e221cf3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f62c060272b9d7423b1650b844e8e4e7b8f9f925","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-4377","sourceIdentifier":"cvd@cert.pl","published":"2026-05-28T10:16:39.940","lastModified":"2026-05-28T18:00:33.730","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.\n\nThis issue was fixed in version 1.00B16CP."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-1391"}]}],"references":[{"url":"https://cert.pl/posts/2026/05/CVE-2026-4377","source":"cvd@cert.pl"},{"url":"https://www.dlink.com/pl/pl/products/dwr-1820-cp#support","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-9818","sourceIdentifier":"6064c9f1-42e5-4cc5-a67a-1636d7a9d3fd","published":"2026-05-28T13:16:25.440","lastModified":"2026-05-28T17:16:36.090","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-42250","sourceIdentifier":"cvd@cert.pl","published":"2026-05-28T14:16:19.890","lastModified":"2026-05-28T18:16:32.577","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service).\n\nThis issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67"}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/05/CVE-2026-42250/","source":"cvd@cert.pl"},{"url":"https://inbox.sourceware.org/bzip2-devel/20260528145407.293768-1-mark@klomp.org/","source":"cvd@cert.pl"},{"url":"https://sourceware.org/bzip2/","source":"cvd@cert.pl"},{"url":"https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-49237","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T14:16:24.270","lastModified":"2026-05-28T18:00:33.730","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, and sshfs_server) in /Library/Application Support/com.canonical.multipass/bin/ retain ownership by the installing user and remain writable. Because the root LaunchDaemon (com.canonical.multipassd.plist) configures a PATH environment variable that prioritizes this user-writable directory and invokes these auxiliary binaries by their bare names, a local attacker can replace an auxiliary binary (such as qemu-img) with a malicious wrapper. When the root daemon subsequently triggers the binary during routine execution (e.g., via multipass launch), the malicious code executes with root privileges, leading to local privilege escalation."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/canonical/multipass/security/advisories/GHSA-r2xg-x32f-23c5","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-49238","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T14:16:24.403","lastModified":"2026-05-28T18:00:33.730","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in src/sshfs_mount/sftp_server.cpp. The function performs a plain string prefix comparison on requested paths without path separator validation or dot-dot (..) normalization. A local attacker with root privileges inside a guest virtual machine can bypass the FUSE layer by injecting raw SFTP frames (such as an SSH_FXP_OPEN request) directly into the sshfs_server process stdin/stdout pipes via procfs. By supplying a path containing directory traversal sequences that match the allowed mount prefix, the attacker can force the host-side root process to resolve the traversal and open files outside the designated mount boundary. This allows a guest-side user to read arbitrary files on the host filesystem, resulting in a virtual machine escape."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/canonical/multipass/security/advisories/GHSA-rhp2-23c4-r34w","source":"security@ubuntu.com"},{"url":"https://github.com/canonical/multipass/security/advisories/GHSA-rhp2-23c4-r34w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8979","sourceIdentifier":"office@cyberdanube.com","published":"2026-05-28T14:16:24.910","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint."}],"metrics":{"cvssMetricV40":[{"source":"office@cyberdanube.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"office@cyberdanube.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://cyberdanube.com/security-research/multiple-vulnerabilities-in-mennekes-amtron-series/","source":"office@cyberdanube.com"},{"url":"https://cyberdanube.com/security-research/multiple-vulnerabilities-in-mennekes-amtron-series/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8980","sourceIdentifier":"office@cyberdanube.com","published":"2026-05-28T14:16:25.040","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests."}],"metrics":{"cvssMetricV40":[{"source":"office@cyberdanube.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"office@cyberdanube.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://cyberdanube.com/security-research/multiple-vulnerabilities-in-mennekes-amtron-series/","source":"office@cyberdanube.com"},{"url":"https://cyberdanube.com/security-research/multiple-vulnerabilities-in-mennekes-amtron-series/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8990","sourceIdentifier":"cvd@cert.pl","published":"2026-05-28T14:16:25.170","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification.\n\nThis issue was fixed in version 4.4.3"}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-288"},{"lang":"en","value":"CWE-359"}]}],"references":[{"url":"https://cert.pl/posts/2026/05/CVE-2026-8990","source":"cvd@cert.pl"},{"url":"https://kidsview.pl/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-35672","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T16:16:21.667","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via POST endpoints /api/v4.0/faq/create, /api/v4.0/category, and /api/v4.0/question."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-empty-api-token","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gp95-j463-vv28","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-35676","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T16:16:21.923","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sending PUT requests to the /api/index.php/user/password/update endpoint, causing account disruption and invalidating legitimate user credentials."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9qv9-8xv6-5p35","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-password-reset-via-user-password-update-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9qv9-8xv6-5p35","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44358","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:24.210","lastModified":"2026-05-28T16:16:24.210","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-427"},{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/espressif/shared-github-dangerjs/commit/d742408028135ea200982b5b2e3e438dc4e5a25d","source":"security-advisories@github.com"},{"url":"https://github.com/espressif/shared-github-dangerjs/security/advisories/GHSA-wm3p-pv54-6w73","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44672","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:24.843","lastModified":"2026-05-28T16:16:24.843","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code  in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/mapfish/mapfish-print/security/advisories/GHSA-q7m6-wpvf-mvwx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45017","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:25.883","lastModified":"2026-05-28T18:55:06.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47759","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:28.070","lastModified":"2026-05-28T19:19:37.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionEndExcluding":"5.11.1","matchCriteriaId":"33F45A92-27A3-41F4-91E3-4C3001F11E56"},{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"7.9.3","matchCriteriaId":"7A0B42F4-3EAA-49D5-B9DF-AB74687FB282"},{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.1","matchCriteriaId":"4F3C3EF2-FD5B-4CC3-B2A1-F6D496708272"}]}]}],"references":[{"url":"https://github.com/tinymce/tinymce/security/advisories/GHSA-q742-qvgc-gc2f","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.tiny.cloud/docs/tinymce/7/7.9.3-release-notes/#overview","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://www.tiny.cloud/docs/tinymce/8/8.5.1-release-notes/#overview","source":"security-advisories@github.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-47760","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:28.210","lastModified":"2026-05-28T19:19:03.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.0","versionEndExcluding":"7.1.0","matchCriteriaId":"D4034B9F-041D-4ACE-9BC6-9170FE25E725"}]}]}],"references":[{"url":"https://github.com/tinymce/tinymce/security/advisories/GHSA-mh5m-5hw4-5c69","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47761","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:28.337","lastModified":"2026-05-28T19:18:37.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionEndExcluding":"5.11.1","matchCriteriaId":"33F45A92-27A3-41F4-91E3-4C3001F11E56"},{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"7.9.3","matchCriteriaId":"7A0B42F4-3EAA-49D5-B9DF-AB74687FB282"},{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.1","matchCriteriaId":"4F3C3EF2-FD5B-4CC3-B2A1-F6D496708272"}]}]}],"references":[{"url":"https://github.com/tinymce/tinymce/security/advisories/GHSA-vg35-5wq7-3x7w","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.tiny.cloud/docs/tinymce/7/7.9.3-release-notes/#overview","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://www.tiny.cloud/docs/tinymce/8/8.5.1-release-notes/#overview","source":"security-advisories@github.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-47762","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:28.470","lastModified":"2026-05-28T19:18:01.763","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionEndExcluding":"5.11.1","matchCriteriaId":"33F45A92-27A3-41F4-91E3-4C3001F11E56"},{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"7.9.3","matchCriteriaId":"7A0B42F4-3EAA-49D5-B9DF-AB74687FB282"},{"vulnerable":true,"criteria":"cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.1","matchCriteriaId":"4F3C3EF2-FD5B-4CC3-B2A1-F6D496708272"}]}]}],"references":[{"url":"https://github.com/tinymce/tinymce/security/advisories/GHSA-v98h-vmpc-fpqv","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://www.tiny.cloud/docs/tinymce/7/7.9.3-release-notes/#overview","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://www.tiny.cloud/docs/tinymce/8/8.5.1-release-notes/#overview","source":"security-advisories@github.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-48522","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:29.150","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no documented option to restrict which schemes PyJWKClient will fetch. If an application's jku URL ingestion path accepts attacker-influenced URLs (e.g., from JWT header, configuration file, OAuth flow parameter), the attacker can cause PyJWKClient to read arbitrary local files via file:// (SSRF on local filesystem), cause PyJWKClient to attempt FTP / data-URI fetches (broader SSRF surface), or forge tokens that PyJWT verifies as valid. The library does not directly return non-HTTP(S) URI contents to the attacker; the chained \"plant a JWKS to forge tokens\" scenario described in the original report requires additional application-layer flaws (attacker write access to a filesystem path, untrusted jku derivation) that this fix does not address. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-441"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48523","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:29.280","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature verification is performed with the algorithm bound to the PyJWK object instead of the header algorithm. An attacker who controls a registered JWK/JWKS private key can sign with a disallowed algorithm, advertise an allowed algorithm in the JWT header, and still be accepted. The issue affects the documented PyJWKClient.get_signing_key_from_jwt(...) flow. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f","source":"security-advisories@github.com"},{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48524","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:29.403","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited outbound requests. The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior (rate limiting, transient errors) which is beyond the attacker's control. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-460"},{"lang":"en","value":"CWE-755"}]}],"references":[{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48525","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:29.533","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option (\"b64\": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b64=false, PyJWT later discards that decoded payload and replaces it with the caller-provided detached_payload. In practice, this turns the middle segment into an attacker-controlled “work amplifier”: a remote client can supply an arbitrarily large Base64URL payload segment that forces CPU work + memory allocations even if the signature is invalid. This creates an unauthenticated DoS vector against any endpoint that verifies detached JWS using PyJWT. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39","source":"security-advisories@github.com"},{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48526","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T16:16:29.657","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-24444","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T17:16:20.143","lastModified":"2026-05-28T17:16:20.143","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://en.sdmctech.com/product/DOCSIS_234.html","source":"disclosure@vulncheck.com"},{"url":"https://www.kr3bz.wtf/posts/sdmc-ne6037-router-recovery-backdoor/","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-41141","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:21.810","lastModified":"2026-05-28T20:16:23.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity (Contact, Lead, Account, or User) without performing an ACL check. An authenticated user with EmailTemplate read permission can extract all field values of any entity by supplying the target's email address, bypassing read: own or read: team ACL restrictions. This vulnerability is fixed in 9.3.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-vvmh-mf4h-96hw","source":"security-advisories@github.com"},{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-vvmh-mf4h-96hw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-41160","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:22.053","lastModified":"2026-05-28T20:16:23.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a \"write first, authorize later\" execution flaw in the backend API, even though the server correctly returns a 403 Forbidden error, the targeted note's pinned status is already persistently modified in the database. The root cause lies in the server-side processing of the POST /api/v1/Note/{id}/pin endpoint. In application/Espo/Tools/Stream/Api/PostNotePin.php, the process() method first calls getNote($id) before calling checkParent($note). This vulnerability is fixed in 9.3.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-c3rm-m24p-255p","source":"security-advisories@github.com"},{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-c3rm-m24p-255p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-41184","sourceIdentifier":"psirt@tigera.io","published":"2026-05-28T17:16:22.270","lastModified":"2026-05-28T18:55:06.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico deployments), the installer substitutes the live Kubernetes ServiceAccount bearer token before logging, exposing the token to any authenticated user with pods/log permission in the namespace with calico-node. The token holds patch privileges on pods/status, enabling annotation-based attacks against cluster workloads. The default kubeconfig-based authentication path is not affected. This is a direct regression of TTA-2018-001."}],"metrics":{"cvssMetricV40":[{"source":"psirt@tigera.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"psirt@tigera.io","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/projectcalico/calico/pull/12502","source":"psirt@tigera.io"},{"url":"https://github.com/projectcalico/calico/pull/12526","source":"psirt@tigera.io"},{"url":"https://github.com/projectcalico/calico/pull/12527","source":"psirt@tigera.io"},{"url":"https://www.tigera.io/security-bulletins/tta-2026-001/","source":"psirt@tigera.io"}]}},{"cve":{"id":"CVE-2026-41185","sourceIdentifier":"psirt@tigera.io","published":"2026-05-28T17:16:22.670","lastModified":"2026-05-28T18:55:06.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map (stdinData) at INFO level to /var/log/calico/cni/cni.log on every CNI ADD and DEL invocation — once per pod scheduled or terminated on the node. When the cluster is deployed using token-based Kubernetes authentication, this log entry contains the ServiceAccount token, client key, and certificate authority in plaintext. Any principal with read access to /var/log/calico/cni/cni.log on a node  can read these logs and extract the credentials, which grant cluster-wide Calico networking admin privileges."}],"metrics":{"cvssMetricV40":[{"source":"psirt@tigera.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"psirt@tigera.io","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/projectcalico/calico/pull/12502","source":"psirt@tigera.io"},{"url":"https://github.com/projectcalico/calico/pull/12526","source":"psirt@tigera.io"},{"url":"https://github.com/projectcalico/calico/pull/12527","source":"psirt@tigera.io"},{"url":"https://www.tigera.io/security-bulletins/tta-2026-002/","source":"psirt@tigera.io"}]}},{"cve":{"id":"CVE-2026-44461","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:28.853","lastModified":"2026-05-28T18:55:06.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example via project terminal settings), shell expansions in the key (such as $(...)) are evaluated by the remote shell when a terminal is opened. This can lead to arbitrary command execution on the remote host under the victim user's account. This vulnerability is fixed in 0.227.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-63qj-jc2q-7hg5","source":"security-advisories@github.com"},{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-63qj-jc2q-7hg5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44462","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:29.623","lastModified":"2026-05-28T18:55:06.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-rqq3-p6x4-q866","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44463","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:29.810","lastModified":"2026-05-28T18:55:06.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-c3g6-c3ff-69cg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44465","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:30.043","lastModified":"2026-05-28T20:16:24.030","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-fj2r-rmw6-h222","source":"security-advisories@github.com"},{"url":"https://github.com/zed-industries/zed/security/advisories/GHSA-fj2r-rmw6-h222","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44543","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:30.967","lastModified":"2026-05-28T17:16:30.967","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC provisioning and cleanup operations. However, the template is not sufficiently validated before use. Security-sensitive fields such as securityContext.privileged, hostPath volumes, and Linux capabilities can be injected into the template. When a PVC operation triggers HelperPod creation, the provisioner creates the HelperPod using the attacker-controlled template. This can result in a privileged pod running on the target node with the host root filesystem mounted. This may allow the attacker to access sensitive host files, read ServiceAccount tokens from other pods on the same node, access other tenants' local-path volume data, or modify files on the host node. This vulnerability is fixed in 0.0.36."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/rancher/local-path-provisioner/security/advisories/GHSA-7fxv-8wr2-mfc4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45076","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:31.590","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45078","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:31.750","lastModified":"2026-05-28T18:03:16.223","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45261","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:31.900","lastModified":"2026-05-28T17:16:31.900","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows for arbitrary script execution in the Tauri webview. Users that have not enabled forge integration are not at risk. This vulnerability is fixed in 0.19.7."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/gitbutlerapp/gitbutler/security/advisories/GHSA-xpmj-536r-9fc6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-8697","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2026-05-28T17:16:33.657","lastModified":"2026-05-28T18:38:35.797","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface.  This enables an attacker to brute-force valid credentials via SSH.\n\nSuccessful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability."}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://www.tp-link.com/en/support/download/archer-c64/v1/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/faq/5105/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"}]}},{"cve":{"id":"CVE-2026-9092","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.083","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email_verified claim from upstream providers; the idp.UserInfo struct does not even include a EmailVerified field. An attacker can supply an unverified email claim from an upstream provider to take over accounts that use the same email address."}],"metrics":{},"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-9093","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.210","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects WarningInfo.NotInAudience. This allows assertions issued for other service providers to be accepted by Casdoor."}],"metrics":{},"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-9094","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.337","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries."}],"metrics":{},"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-9095","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.460","lastModified":"2026-05-28T18:16:36.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcement, or replay detection anywhere in the SAML SP code path. As a result, an attacker can replay a previously captured SAML assertion to obtain an authenticated session for the assertion’s subject, including administrator accounts, without needing the user’s password or MFA credentials."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-9096","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.647","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse() never reads this field, meaning that time bounds are computed by the library but silently discarded before the user session is issued."}],"metrics":{},"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-9097","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.767","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revoked or invalidated. Because the revocation check is entirely absent, administrators are unable to terminate active sessions or revoke compromised tokens."}],"metrics":{},"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-9098","sourceIdentifier":"cret@cert.org","published":"2026-05-28T17:16:34.963","lastModified":"2026-05-28T18:00:22.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP (Identity Provider) after a SAML flow has started, the handler still processes the response using the provider snapshot loaded at the start of the request. As a result, an attacker controlling a registered upstream IdP can send unsolicited SAML responses, or replay a legitimately captured response in a different session or after the original flow has ended. In both cases, Casdoor accepts the response and issues a session, enabling persistent unauthorized access."}],"metrics":{},"references":[{"url":"https://kb.cert.org/vuls/id/780781","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-34126","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2026-05-28T18:16:31.300","lastModified":"2026-05-28T18:38:35.797","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption.  Bluetooth is only used during initialization.\n\nAn attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. \n\n\nAn attacker\nwithin the Bluetooth range could exploit this behavior using Bluetooth sniffing\nor man-in-the-middle techniques, which may allow eavesdropping on Bluetooth\ncommunication, manipulate transmitted setup data and potentially gain\nunauthorized control of the device during initialization.\n\n\n\nD100C is the\nchime delivered with your Tapo camera, and it is delivered with the following\nTapo products:\n\n\n\n\n\n\n\n\n\nD130, D210, D235,\nD225, TD21, TDB21 and TD25"}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://www.tp-link.com/en/support/download/tapo-l535e/v3/#Firmware-Release-Notes","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/en/support/download/tapo-p300/#Firmware-Release-Notes","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/jp/support/download/tapo-l535e/#Firmware-Release-Notes","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/jp/support/download/tapo-p300/#Firmware-Release-Notes","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/download/tapo-l535e/#Firmware-Release-Notes","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/faq/5106/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"}]}},{"cve":{"id":"CVE-2026-43898","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:32.837","lastModified":"2026-05-28T20:16:23.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript. This vulnerability is fixed in 0.9.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nyariv:sandboxjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"E5E55743-0929-4200-9EB6-0CF6FA62CB39"}]}]}],"references":[{"url":"https://github.com/nyariv/SandboxJS/commit/826865251232611ec94078bab5a18ec875dad4a5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-g8f2-4f4f-5jqw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-g8f2-4f4f-5jqw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44798","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.007","lastModified":"2026-05-28T19:30:57.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-471"},{"lang":"en","value":"CWE-749"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.33","matchCriteriaId":"1519124C-E6CD-44DF-8DD7-D4A7003ADF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.2","matchCriteriaId":"8419C360-D723-4365-82B1-B4DE637BE43C"}]}]}],"references":[{"url":"https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v2.4.33","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v3.1.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45021","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.167","lastModified":"2026-05-28T18:56:36.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: [\".*\"] reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin. A cross-origin fetch() from a malicious page returns the admin JWT and signing material. This vulnerability is fixed in 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/kumahq/kuma/commit/8fefa8595d44eb68d922405702ed7a0826322907","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/pull/16416","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/pull/16423","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/pull/16424","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/pull/16425","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/pull/16426","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/pull/16427","source":"security-advisories@github.com"},{"url":"https://github.com/kumahq/kuma/security/advisories/GHSA-3vcp-chfh-f6r2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45058","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.313","lastModified":"2026-05-28T18:16:34.313","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-494"},{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/electerm/electerm/security/advisories/GHSA-jgg9-rw32-44pj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45296","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.507","lastModified":"2026-05-28T18:40:37.990","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify that the authenticated API key and the requested project belong to the same tenant. Because the public tracker design exposes projectKey to browser-side code, an attacker who owns any valid API key for their own tenant can target another tenant's project by reusing that public projectKey. The vulnerable routes allow the attacker to enumerate victim user sessions and then retrieve sensitive session event data across the tenant boundary. This vulnerability is fixed in 1.26.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/openreplay/openreplay/security/advisories/GHSA-8wmc-vpmf-cjf5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45297","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.643","lastModified":"2026-05-28T18:40:37.990","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS api/auth/auth_project.py:14-38 and EE ee/api/auth/auth_project.py:14-46) only runs projects.is_authorized(project_id, tenant_id, user_id) + projects.get_project(tenant_id, project_id) when self.project_identifier == \"projectId\" (camelCase). For EE multi-tenant, feature-flag queries only filter on project_id, never tenant_id. Any authenticated user in tenant A can read/update/delete feature-flag rows belonging to tenant B by iterating the sequential integer project_id + feature_flag_id. OSS is single-tenant by design ({\"errors\":[\"tenants already registered\"]} on second signup) so there's no cross-tenant impact This vulnerability is fixed in 1.26.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/openreplay/openreplay/security/advisories/GHSA-5m23-rcj4-cgjx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45307","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.907","lastModified":"2026-05-28T20:16:24.753","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the raw target to redirect(). A scheme-relative input such as ////evil.com resolved to a same-host URL during validation but was emitted verbatim in the Location header, where the browser interpreted it as a network-path-relative redirect to an attacker-controlled host. This vulnerability is fixed in 0.8.20-alpha."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/murtaza-nasir/speakr/security/advisories/GHSA-5cpp-mqgh-4c38","source":"security-advisories@github.com"},{"url":"https://github.com/murtaza-nasir/speakr/security/advisories/GHSA-5cpp-mqgh-4c38","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45311","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:35.170","lastModified":"2026-05-28T18:40:37.990","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build scripts, and proc macros. While auto-approving test execution is a deliberate design choice, it creates an inconsistency in the security boundary. However, in a malicious repository, test code can execute arbitrary shell commands, exfiltrate credentials, or establish persistence with zero approval. The attack is amplified by AGENTS.md (auto-loaded into the system prompt), which can instruct the model to run tests proactively at session start. This vulnerability is fixed in 0.8.23."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/Hmbown/CodeWhale/security/advisories/GHSA-wx44-2q6h-j6p8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-43979","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:38.067","lastModified":"2026-05-28T20:16:23.927","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/LearningCircuit/local-deep-research/pull/3082","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/pull/3613","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46509","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:39.280","lastModified":"2026-05-28T19:16:39.280","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/ranfdev/deepobj/security/advisories/GHSA-x7q7-fchv-8h2j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47326","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:40.110","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=8d858ecb7e2e216ca2987302a04c266f2355fefe","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47327","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:40.420","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47328","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:40.687","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-590"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47329","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:41.020","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47330","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:41.530","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-457"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9b2c6eded493fa50e7c8cd3618d7ebe1358abaab","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47331","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:41.757","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=5e5cd4759b63363373faf1ce15d1cab3606d6ec8","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47332","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:41.960","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent slab objects."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=0418e5f61b55465f19245705bce6590c807fc9f2","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47333","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:42.073","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=635fa30ed9e944bdb7e811fb8a8906286b4b4f06","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-47334","sourceIdentifier":"security@ubuntu.com","published":"2026-05-28T19:16:42.203","lastModified":"2026-05-29T02:45:36.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user and can result in kernel panic or deadlock."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-833"}]}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=f0e73aec23d13a9877fba096b1c2fd19f66e5313","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-45288","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T21:16:31.220","lastModified":"2026-05-28T21:16:31.220","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. This vulnerability is fixed in 8.36.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/JasperFx/marten/commit/626249656829860b9c55895b5b6046b61a2a695f","source":"security-advisories@github.com"},{"url":"https://github.com/JasperFx/marten/pull/4343","source":"security-advisories@github.com"},{"url":"https://github.com/JasperFx/marten/security/advisories/GHSA-vmw2-qwm8-x84c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46833","sourceIdentifier":"secalert_us@oracle.com","published":"2026-05-28T21:16:33.200","lastModified":"2026-05-29T02:47:03.023","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Net Service component of Oracle Database Server.  Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service.  While the vulnerability is in Net Service, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Net Service. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}]},"references":[{"url":"https://www.oracle.com/security-alerts/cspumay2026.html","source":"secalert_us@oracle.com"}]}},{"cve":{"id":"CVE-2026-9645","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-28T21:16:34.950","lastModified":"2026-05-28T21:16:34.950","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root."}],"metrics":{"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2026-46","source":"vulnreport@tenable.com"}]}},{"cve":{"id":"CVE-2026-9646","sourceIdentifier":"vulnreport@tenable.com","published":"2026-05-28T21:16:35.087","lastModified":"2026-05-28T21:16:35.087","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected cross-site scripting issue exists in URL handling."}],"metrics":{"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2026-46","source":"vulnreport@tenable.com"}]}},{"cve":{"id":"CVE-2026-39929","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T22:16:58.693","lastModified":"2026-05-28T22:16:58.693","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed packet with an invalid memory address at offset 0x4 in the payload to trigger an access violation and cause a denial of service."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://documentation.lakesidesoftware.com/docs/112128-hotfix-agent-release-notes","source":"disclosure@vulncheck.com"},{"url":"https://documentation.lakesidesoftware.com/docs/1130xxx-hotfix-agent-release-notes","source":"disclosure@vulncheck.com"},{"url":"https://documentation.lakesidesoftware.com/docs/1140xxx-hotfix-agent-release-notes","source":"disclosure@vulncheck.com"},{"url":"https://documentation.lakesidesoftware.com/docs/1150xxx-hotfix-agent-release-notes","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/lakeside-systrack-agent-lsiagent-exe-out-of-bounds-read-via-udp","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-45344","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:17:00.497","lastModified":"2026-05-29T02:44:14.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup endpoints and supply a database they control can inject mail configuration variables and achieve command execution when the application later sends mail. This vulnerability is fixed in 2.5.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/Kovah/LinkAce/security/advisories/GHSA-37m5-936h-w455","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45364","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:17:00.633","lastModified":"2026-05-28T22:17:00.633","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for (or the configured IP-bearing header). IPv6 clients controlling a typical /64 allocation could rotate through 2^64 distinct source addresses without exhausting the per-address counter, defeating rate limiting on /sign-in/email, /sign-up/email, /forget-password, and every other path the limiter protects. The same bug allowed a single client to vary the textual encoding of one IPv6 address (uppercase, compression, IPv4-mapped, hex-encoded IPv4-in-IPv6) and produce multiple distinct keys. This vulnerability is fixed in 1.4.17 and 1.5.0-beta.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/better-auth/better-auth/commit/43e719bcc0c223c7079fa0c611a9cf7ea1188254","source":"security-advisories@github.com"},{"url":"https://github.com/better-auth/better-auth/commit/57af0f7b910dcf7b1a5c0615d10b9bd56bb69bef","source":"security-advisories@github.com"},{"url":"https://github.com/better-auth/better-auth/pull/7470","source":"security-advisories@github.com"},{"url":"https://github.com/better-auth/better-auth/pull/7509","source":"security-advisories@github.com"},{"url":"https://github.com/better-auth/better-auth/security/advisories/GHSA-p6v2-xcpg-h6xw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45366","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:17:00.773","lastModified":"2026-05-28T22:17:00.773","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual() validates the discovery URL against an HTTPS / loopback allowlist, but callTool() reuses the resolved toolCallTemplate.url directly without revalidating, and the OpenApiConverter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: \"http://127.0.0.1:9090\" }] or servers: [{ url: \"http://169.254.169.254\" }]; the converter then produces tools whose URL points at internal services on the agent host. This vulnerability is fixed in 1.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/universal-tool-calling-protocol/typescript-utcp/security/advisories/GHSA-r8j5-8747-88cm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-10028","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T23:16:44.213","lastModified":"2026-05-29T02:47:03.023","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10028","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2465152","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-8809","sourceIdentifier":"security@wordfence.com","published":"2026-05-28T23:16:44.760","lastModified":"2026-05-29T02:40:08.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the after_validate_save_post() function unconditionally trusting the attacker-controlled _acf_post_id POST parameter — with no authentication or integrity verification — to select a cleanup branch that silently discards all validation errors not prefixed with acfe:. This makes it possible for unauthenticated attackers to suppress both the role allow-list validation error added by acfe_field_user_roles::validate_front_value() and the administrator-role capability guard error added by acfe_module_form_action_user::validate_action(), causing wp_insert_user() to execute with an attacker-supplied administrator role argument and resulting in the creation of a new administrator-level user account. Exploitation requires the target site to expose a public ACFE frontend form configured with a Create User action that maps a role field."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.4/includes/hooks.php#L636","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.4/includes/module-acf.php#L141","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.4/includes/modules/form/module-form-action-user.php#L715","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.9.2.4/includes/modules/form/module-form-front.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3551665/acf-extended","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bd332f49-5aa9-4207-89db-84692a6430e0?source=cve","source":"security@wordfence.com"}]}}]}