Vulnerabilites related to Siemens - SINEMA Remote Connect
CVE-2025-30174 (GCVE-0-2025-30174)
Vulnerability from cvelistv5
Published
2025-05-13 09:38
Modified
2025-07-08 10:34
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC PCS neo V4.1 |
Version: 0 < * |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:36:18.663369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:36:38.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V5.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "User Management Component (UMC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions \u003c V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions \u003c V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T10:34:32.889Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-614723.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-30174",
"datePublished": "2025-05-13T09:38:37.040Z",
"dateReserved": "2025-03-17T13:17:40.963Z",
"dateUpdated": "2025-07-08T10:34:32.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30175 (GCVE-0-2025-30175)
Vulnerability from cvelistv5
Published
2025-05-13 09:38
Modified
2025-07-08 10:34
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC PCS neo V4.1 |
Version: 0 < * |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:35:16.677975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:35:40.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V5.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "User Management Component (UMC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions \u003c V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions \u003c V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T10:34:34.185Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-614723.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-30175",
"datePublished": "2025-05-13T09:38:38.404Z",
"dateReserved": "2025-03-17T13:17:40.964Z",
"dateUpdated": "2025-07-08T10:34:34.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30176 (GCVE-0-2025-30176)
Vulnerability from cvelistv5
Published
2025-05-13 09:38
Modified
2025-07-08 10:34
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC PCS neo V4.1 |
Version: 0 < * |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:26:49.916543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:33:46.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V5.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "User Management Component (UMC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions \u003c V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions \u003c V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T10:34:35.475Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-614723.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-30176",
"datePublished": "2025-05-13T09:38:39.738Z",
"dateReserved": "2025-03-17T13:17:40.964Z",
"dateUpdated": "2025-07-08T10:34:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201805-0963
Vulnerability from variot
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. 7) - aarch64, noarch, ppc64le
-
(CVE-2018-3639, aarch64)
-
A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
-
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:
https://access.redhat.com/articles/3658021
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report 1629636 - CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()
-
(CVE-2018-3639, PowerPC)
-
kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
-
kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)
-
kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
-
kernel: Null pointer dereference via keyctl (CVE-2016-8650)
-
kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)
-
kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)
-
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)
-
kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)
-
kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890)
-
kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)
-
kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)
-
kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)
-
kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)
-
kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)
-
kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)
-
kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)
-
kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
869942 - Kernel crashes on reading an ACL containing 190 ACEs over NFSv4 1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols 1314288 - CVE-2012-6701 kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access 1395187 - CVE-2016-8650 kernel: Null pointer dereference via keyctl 1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls 1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race 1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size 1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c 1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism 1448170 - RHEL6.9: sunrpc reconnect logic now may trigger a SYN storm when a TCP connection drops and a burst of RPC commands hit the transport 1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c 1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance 1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance 1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors 1497152 - systool causes panic on 2.6.32-696.6.3.el6.x86_64 using be2iscsi 1520893 - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client 1550811 - CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service 1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service 1560494 - i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
-
7) - aarch64, noarch, ppc64le, s390x
-
Description:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. (CVE-2018-3639)
Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.
The following packages have been upgraded to a later upstream version: rhevm-setup-plugins (3.6.7). Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Bug Fix(es):
-
Previously, using device passthrough for a SCSI-2 device failed and returned an "Illegal Request" error. With this update, the QEMU emulator checks the SCSI version of the device when performing passthrough. (BZ#1571370)
-
Under certain circumstances, resuming a paused guest generated redundant "VIR_DOMAIN_PAUSED_UNKNOWN" error messages in the libvirt log. This update corrects the event sending order when resuming guests, which prevents the errors being logged. (BZ#1588001)
-
Once all virtual machines have shut down, start them again for this update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2161-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2161 Issue date: 2018-07-10 CVE Names: CVE-2018-3639 ==================================================================== 1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD)
Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.
Bug Fix(es):
-
When a Nonvolatile Memory Express (NVMe) namespace was created, changed, or deleted, an occasional deadlock occurred. With this update, namespace scanning and removal does not hold a mutual exclusion (mutex) program object. As a result, a deadlock no longer occurs in the described scenario. (BZ#1566886)
-
Previously, a live migration of a virtual machine from one host with updated firmware to another host without updated firmware resulted in incorrect kernel settings for Meltdown mitigations, which could leave the kernel vulnerable to Meltdown. With this fix, the firmware on the new physical host is re-scanned for updates after a live migration. As a result, the kernel uses the correct mitigation in the described scenario. (BZ#1570507)
-
Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ#1578044)
-
When switching from the indirect branch speculation (IBRS) feature to the retpolines feature, the IBRS state of some CPUs was sometimes not handled correctly. Consequently, some CPUs were left with the IBRS Model-Specific Register (MSR) bit set to 1, which could lead to performance issues. With this update, the underlying source code has been fixed to clear the IBRS MSR bits correctly, thus fixing the bug. (BZ#1586146)
Users of kernel are advised to upgrade to these updated packages, which fix these bugs.
The system must be rebooted for this update to take effect.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
- Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):
Source: kernel-3.10.0-514.53.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-514.53.1.el7.noarch.rpm kernel-doc-3.10.0-514.53.1.el7.noarch.rpm
x86_64: kernel-3.10.0-514.53.1.el7.x86_64.rpm kernel-debug-3.10.0-514.53.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm kernel-devel-3.10.0-514.53.1.el7.x86_64.rpm kernel-headers-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.53.1.el7.x86_64.rpm perf-3.10.0-514.53.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm python-perf-3.10.0-514.53.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):
x86_64: kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.53.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: kernel-3.10.0-514.53.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-514.53.1.el7.noarch.rpm kernel-doc-3.10.0-514.53.1.el7.noarch.rpm
ppc64: kernel-3.10.0-514.53.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-514.53.1.el7.ppc64.rpm kernel-debug-3.10.0-514.53.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-514.53.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.53.1.el7.ppc64.rpm kernel-devel-3.10.0-514.53.1.el7.ppc64.rpm kernel-headers-3.10.0-514.53.1.el7.ppc64.rpm kernel-tools-3.10.0-514.53.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-514.53.1.el7.ppc64.rpm perf-3.10.0-514.53.1.el7.ppc64.rpm perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm python-perf-3.10.0-514.53.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
ppc64le: kernel-3.10.0-514.53.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debug-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.53.1.el7.ppc64le.rpm kernel-devel-3.10.0-514.53.1.el7.ppc64le.rpm kernel-headers-3.10.0-514.53.1.el7.ppc64le.rpm kernel-tools-3.10.0-514.53.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.53.1.el7.ppc64le.rpm perf-3.10.0-514.53.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm python-perf-3.10.0-514.53.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
s390x: kernel-3.10.0-514.53.1.el7.s390x.rpm kernel-debug-3.10.0-514.53.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-514.53.1.el7.s390x.rpm kernel-debug-devel-3.10.0-514.53.1.el7.s390x.rpm kernel-debuginfo-3.10.0-514.53.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-514.53.1.el7.s390x.rpm kernel-devel-3.10.0-514.53.1.el7.s390x.rpm kernel-headers-3.10.0-514.53.1.el7.s390x.rpm kernel-kdump-3.10.0-514.53.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-514.53.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-514.53.1.el7.s390x.rpm perf-3.10.0-514.53.1.el7.s390x.rpm perf-debuginfo-3.10.0-514.53.1.el7.s390x.rpm python-perf-3.10.0-514.53.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.s390x.rpm
x86_64: kernel-3.10.0-514.53.1.el7.x86_64.rpm kernel-debug-3.10.0-514.53.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm kernel-devel-3.10.0-514.53.1.el7.x86_64.rpm kernel-headers-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.53.1.el7.x86_64.rpm perf-3.10.0-514.53.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm python-perf-3.10.0-514.53.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.3):
ppc64: kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.53.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-514.53.1.el7.ppc64.rpm perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.53.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.53.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
x86_64: kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.53.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW0Tt1NzjgjWX9erEAQjWjRAAqEnkLg83IXcDh/QVNDhAoM5gAh+OkfHJ LiuDz6CIHgDiv9K3BiG/dLNgL5caK11pxryqk/9kmtgoy6ClyqcrA2FNRIJMwugr PXTjAXNxekyn6gTX0I+8hSOulCZtkCRXmlUu79apvVT/eqQM6PfqjK02OjEL9uc8 59jO7ZoWcv7GVJhu+06QoHaWAqGHBOYL9ufCVAXZH6dY3aS2dPM4UUcZpVxsP8X/ HqXR/ciyXNPSQoGcR/waf/iZgx1pDIV6JXmdl/qlJXthohwa1ZwxD2qqEV3cM9uO XzXXVu9SD2D8cU4jClzIZ+XfM9J9dNl8j2YbZHaUs5IADNwqAIjPTb5leNhe6jqv omnbgOwkJ0mEOLeWBSpQhGxoq4rk4eUJLai1kcpw8MRa6RzOzTs+GHOxTpDfL681 S7F8GjN6J4l0gbW+fOkley3gdMi/74cZcWA6jX/GcjJrtzhlFhRsUDZqd8Eb+F/g quqdBLQ9Vc81FRlMoCATOhuqHM1/eJUcySbY3r1A6bU9oUQShN+prvIV4z5/ag6o WIPN2ImSDaSBACJoCSEby8e2jXs689JLHgPPS0QVvuMQK7wdYGu8/7W++L7+5/It IkS2XQFetG9urfkgM/OMVzeybOiGVsai+JAJOTxFnTWPeyIFF5MJ2E31Q11Amdlp YF80GD/Rvjo=ltf/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:
RHV-M 4.3 - noarch
- It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. (CVE-2017-5754)
Bug Fix(es):
-
[CVE-2017-5754] Variant3: POWER {qemu-kvm-rhev} Add machine type variants (BZ#1559948)
-
add POWER 9 to the 4.2 cluster level (BZ#1574494)
-
6.6) - x86_64
-
Description:
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0963",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3808"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3508"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3538"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3558"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3708"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3750"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3758"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c2308"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3308"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "c3338"
},
{
"model": "xeon e5 2650l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v4"
},
{
"model": "xeon e3 1240l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "xeon e5 2430l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736g"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v3"
},
{
"model": "xeon e3 1225 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1809"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3850"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1545m_v5"
},
{
"model": "xeon e5 2637",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4807"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "15"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3480"
},
{
"model": "simatic ipc827d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3580"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3480"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5504"
},
{
"model": "xeon e3 1278l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830"
},
{
"model": "simatic ipc427e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "windows 7",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v2"
},
{
"model": "jetson tx2",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r28.3"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160"
},
{
"model": "xeon e3 1265l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4109t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v2"
},
{
"model": "xeon e5 2603 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "57"
},
{
"model": "xeon e5 2620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5507"
},
{
"model": "xeon e3 1281 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660"
},
{
"model": "xeon e5 2450l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735d"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867l"
},
{
"model": "xeon e5 2630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8180"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2650l_v4"
},
{
"model": "xeon e3 1225 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2420",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xeon e5 2648l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v3"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3455"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5580"
},
{
"model": "mivoice border gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86134m"
},
{
"model": "surface",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "mivoic mx-one",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e5 2438l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2480"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86144"
},
{
"model": "xeon e5 2470 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-e3930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc547e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "r1.30.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "xeon e5 2407 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "xeon e5 2609 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v3"
},
{
"model": "simatic ipc647c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.01.14"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5508_"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1515m_v5"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86132"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640"
},
{
"model": "xeon e3 1245",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2418l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85120"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3600"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86134"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85120t"
},
{
"model": "pentium silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n5000"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3785"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5550"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3827"
},
{
"model": "simatic ipc827c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "xeon e5 1428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v3"
},
{
"model": "xeon e5 2430",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4890_v2"
},
{
"model": "xeon e5 2428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667"
},
{
"model": "xeon e5 2618l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603_v2"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4105"
},
{
"model": "simatic ipc427d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0x.14"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4880_v2"
},
{
"model": "itc1500 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176f"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1565l_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4648_v3"
},
{
"model": "xeon e5 1660 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ruggedcom ape",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8857_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8837"
},
{
"model": "xeon e5 2620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1505l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4628l_v4"
},
{
"model": "xeon e5 2618l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85115"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2665"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v2"
},
{
"model": "xeon e5 2630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v4"
},
{
"model": "xeon e3 1265l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v2"
},
{
"model": "pentium silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j5005"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3570"
},
{
"model": "xeon e5 1680 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3560"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "sonicosv",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5520"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160f"
},
{
"model": "email security",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4624l_v2"
},
{
"model": "xeon e5 1650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1268l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v4"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2520"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85119t"
},
{
"model": "xeon e5 2608l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "itc2200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2803"
},
{
"model": "xeon e5 2643 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607_v2"
},
{
"model": "xeon e5 1620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "secure mobile access",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e5 2637 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3955"
},
{
"model": "xeon e3 1270 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3530"
},
{
"model": "xeon e5 2630l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2460"
},
{
"model": "xeon e3 1220 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86146"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5506"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8158"
},
{
"model": "simatic ipc677d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "cloud global management system",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585l_v5"
},
{
"model": "xeon e5 2408l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116t"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "xeon e5 1650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "surface pro with lte advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1807"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "simatic ipc477e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "xeon e3 1275 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v2"
},
{
"model": "xeon e3 1240 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v4"
},
{
"model": "simatic ipc847c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.01.14"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5560"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3845"
},
{
"model": "xeon e3 1280 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650"
},
{
"model": "xeon e5 2637 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820"
},
{
"model": "mivoice business",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870_v2"
},
{
"model": "xeon e5 2630l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8168"
},
{
"model": "xeon e3 1241 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160m"
},
{
"model": "xeon e3 1230l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1260l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "virtualization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v3"
},
{
"model": "xeon e3 1225",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v3"
},
{
"model": "xeon e3 1271 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1260l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "itc2200 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e3 1245 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5506"
},
{
"model": "xeon e5 1650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2760"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3406"
},
{
"model": "xeon e3 1245 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "jetson tx1",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r28.3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3403"
},
{
"model": "xeon e5 2623 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v2"
},
{
"model": "xeon e3 1240 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658"
},
{
"model": "xeon e3 1285 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3440"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3460"
},
{
"model": "xeon e5 2628l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v3"
},
{
"model": "xeon e5 2630 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86128"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86148f"
},
{
"model": "local service management system",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4000"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3590"
},
{
"model": "xeon e5 1428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "micloud management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "*"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1796"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v3"
},
{
"model": "xeon e5 2448l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745d"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "struxureware data center expert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.6.0"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2560"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860"
},
{
"model": "xeon e5 2637 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v3"
},
{
"model": "xeon e3 1285l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3958"
},
{
"model": "simatic ipc547g",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "r1.23.0"
},
{
"model": "xeon e5 2418l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3805"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3825"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770d"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1607"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850_v2"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8153"
},
{
"model": "xeon e5 2603 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170"
},
{
"model": "xeon e3 1286l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1660 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4100"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5115"
},
{
"model": "xeon e3 12201 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows server 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5503"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v2"
},
{
"model": "xeon e3 1285 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4005"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3826"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v4"
},
{
"model": "xeon e3 1225 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1703"
},
{
"model": "xeon e3 1240l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3460"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v2"
},
{
"model": "atom x7-e3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v3"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "12"
},
{
"model": "xeon e5 2448l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2407",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v2"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3430"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v3"
},
{
"model": "xeon e3 1270 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1268l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v3"
},
{
"model": "xeon e3 1501m v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2618l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v2"
},
{
"model": "xeon e3 1220 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3470"
},
{
"model": "xeon e5 2603 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc477e pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.09"
},
{
"model": "xeon e3 1245 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160t"
},
{
"model": "xeon e3 1225 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112"
},
{
"model": "xeon e3 1276 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1558l_v5"
},
{
"model": "xeon e3 1505m v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4108"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e5 2650l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699r_v4"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3815"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5518_"
},
{
"model": "xeon e5 1620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5590"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610"
},
{
"model": "xeon e3 1220l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v3"
},
{
"model": "xeon e3 1235l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1578l_v5"
},
{
"model": "xeon e3 1226 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v6"
},
{
"model": "xeon e5 1428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740d"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "125c_"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86142f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86154"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v4"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8164"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658a_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690"
},
{
"model": "xeon e5 2648l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2603",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v3"
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86140"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "xeon e5 2628l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116"
},
{
"model": "xeon e3 1285 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "xeon e3 12201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v4"
},
{
"model": "xeon e5 2418l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic field pg m5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "22.01.06"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v3"
},
{
"model": "simatic ipc677c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3"
},
{
"model": "xeon e5 1630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "45nm"
},
{
"model": "xeon e5 2450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86136"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699a_v4"
},
{
"model": "xeon e5 2403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "13"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6550"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1709"
},
{
"model": "xeon e3 1270 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585_v5"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735g"
},
{
"model": "xeon e5 2403 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1501l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2440",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v2"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4205"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2580"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735e"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8830"
},
{
"model": "surface book",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1220_"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v4"
},
{
"model": "surface studio",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3950"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697a_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870"
},
{
"model": "simatic ipc847d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.01.14"
},
{
"model": "xeon e3 1245 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500"
},
{
"model": "xeon e5 1630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v4"
},
{
"model": "itc1900 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e5 2470",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "10"
},
{
"model": "surface pro",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v4"
},
{
"model": "xeon e5 2648l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "sinumerik pcu 50.5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5530"
},
{
"model": "xeon e3 1220 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e-1105c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "sinumerik 840 d sl",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon e3 1258l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740"
},
{
"model": "simatic itp1000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "23.01.04"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3858"
},
{
"model": "xeon e3 1235",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650l"
},
{
"model": "xeon e3 1270 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simotion p320-4e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0x.14"
},
{
"model": "xeon e5 2640 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1575m_v5"
},
{
"model": "xeon e3 1220 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v4"
},
{
"model": "xeon e5 2609 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3450"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860"
},
{
"model": "simatic ipc477c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3426"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86152"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "xeon e5 1620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1275_"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5540"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2890_v2"
},
{
"model": "xeon e5 1660 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v4"
},
{
"model": "open integration gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e3 1240 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc477d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0x.14"
},
{
"model": "simatic et 200 sp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v3"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "xeon e5 2420 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1803"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850_v2"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176m"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86140m"
},
{
"model": "xeon e3 1265l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775d"
},
{
"model": "xeon e3 1246 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "virtualization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "local service management system",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "xeon e3 1275l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86148"
},
{
"model": "xeon e5 2623 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v4"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4657l_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v4"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2420"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850"
},
{
"model": "xeon e3 1275 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-e3940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1285l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v4"
},
{
"model": "xeon e3 1280 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86138t"
},
{
"model": "simatic ipc427c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "simatic ipc347e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6510"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3830"
},
{
"model": "xeon e5 1660",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "sinumerik tcu 30.3",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "mivoice connect",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "windows 8.1",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e5 2630",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc627d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.02.11"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "windows server 2012",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "xeon e3 1230 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic s7-1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.6"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v4"
},
{
"model": "xeon e5 2440 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "mivoice 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1505m_v6"
},
{
"model": "itc1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e5 2648l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85122"
},
{
"model": "xeon e3 1290 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1680 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1125c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v4"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8156"
},
{
"model": "xeon e3 1231 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2830"
},
{
"model": "xeon e3 1505l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2628l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "72"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8894_v4"
},
{
"model": "xeon e3 1230 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870"
},
{
"model": "simatic ipc3000 smart",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680"
},
{
"model": "xeon e5 2640",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5502"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4617"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6540"
},
{
"model": "simatic ipc647d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "19.01.14"
},
{
"model": "xeon e3 1280 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1270",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4200"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5530"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v3"
},
{
"model": "xeon e3 1105c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114t"
},
{
"model": "simatic field pg m4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "18.01.09"
},
{
"model": "itc1900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic ipc627c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "15.02.15"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "32nm"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": null
},
{
"model": "xeon e3 1286 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1290",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3450"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5570"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86150"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5520"
},
{
"model": "mrg realtime",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2880_v2"
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5600"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3795"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v4"
},
{
"model": "xeon e3 1240",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "surface book",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86130f"
},
{
"model": "xeon e5 2608l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "86126f"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "85118"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "cortex a57",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "5th generation core processors",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "cortex a72",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "6th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "5th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "4th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "3rd generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "2nd generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "8th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "7th generation core processors",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor a series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor c series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor e series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor t series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "atom processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "x0"
},
{
"model": "atom processor z series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "x990"
},
{
"model": "celeron processor j series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "celeron processor n series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "core m processor family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "x2990"
},
{
"model": "pentium processor n series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "pentium processor silver series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "34000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "36000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "55000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "56000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "75000"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "65000"
},
{
"model": "pentium processor j series",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v40"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v50"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v60"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v40"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v40"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "147778"
},
{
"db": "PACKETSTORM",
"id": "150070"
},
{
"db": "PACKETSTORM",
"id": "148244"
},
{
"db": "PACKETSTORM",
"id": "151288"
},
{
"db": "PACKETSTORM",
"id": "150075"
},
{
"db": "PACKETSTORM",
"id": "147738"
},
{
"db": "PACKETSTORM",
"id": "147758"
},
{
"db": "PACKETSTORM",
"id": "148330"
},
{
"db": "PACKETSTORM",
"id": "148484"
},
{
"db": "PACKETSTORM",
"id": "152767"
},
{
"db": "PACKETSTORM",
"id": "150077"
},
{
"db": "PACKETSTORM",
"id": "147748"
}
],
"trust": 1.2
},
"cve": "CVE-2018-3639",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-3639",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-13391",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-133670",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-133671",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-3639",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3639",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-13391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-749",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133670",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133671",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. 7) - aarch64, noarch, ppc64le\n\n3. (CVE-2018-3639, aarch64)\n\n* A flaw named SegmentSmack was found in the way the Linux kernel handled\nspecially crafted TCP packets. A remote attacker could use this flaw to\ntrigger time and calculation expensive calls to tcp_collapse_ofo_queue()\nand tcp_prune_ofo_queue() functions by sending specially modified packets\nwithin ongoing TCP sessions which could lead to a CPU saturation and hence\na denial of service on the system. Maintaining the denial of service\ncondition requires continuous two-way TCP sessions to a reachable open\nport, thus the attacks cannot be performed using spoofed IP addresses. \n(CVE-2018-5390)\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled\nreassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use\nthis flaw to trigger time and calculation expensive fragment reassembly\nalgorithm by sending specially crafted packets which could lead to a CPU\nsaturation and hence a denial of service on the system. (CVE-2018-5391)\n\nSpace precludes documenting all of the security fixes in this advisory. See\nthe descriptions of the remaining security fixes in the related Knowledge\nArticle:\n\nhttps://access.redhat.com/articles/3658021\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report\n1629636 - CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()\n\n6. (CVE-2018-3639, PowerPC)\n\n* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)\n\n* kernel: AIO interface didn\u0027t use rw_verify_area() for checking mandatory\nlocking on files and size of access (CVE-2012-6701)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Null pointer dereference via keyctl (CVE-2016-8650)\n\n* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)\n\n* kernel: Race condition between multiple sys_perf_event_open() calls\n(CVE-2017-6001)\n\n* kernel: Incorrect error handling in the set_mempolicy and mbind compat\nsyscalls in mm/mempolicy.c (CVE-2017-7616)\n\n* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism (CVE-2017-7889)\n\n* kernel: Double free in the inet_csk_clone_lock function in\nnet/ipv4/inet_connection_sock.c (CVE-2017-8890)\n\n* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance\n(CVE-2017-9075)\n\n* kernel: net: IPv6 DCCP implementation mishandles inheritance\n(CVE-2017-9076)\n\n* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance\n(CVE-2017-9077)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors\n(CVE-2017-12190)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client\n(CVE-2017-15121)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows\nlocal users to cause a denial of service (CVE-2017-18203)\n\n* kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit()\nleads to a system crash (CVE-2018-1130)\n\n* kernel: Missing length check of payload in\nnet/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of\nservice (CVE-2018-5803)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n869942 - Kernel crashes on reading an ACL containing 190 ACEs over NFSv4\n1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols\n1314288 - CVE-2012-6701 kernel: AIO interface didn\u0027t use rw_verify_area() for checking mandatory locking on files and size of access\n1395187 - CVE-2016-8650 kernel: Null pointer dereference via keyctl\n1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls\n1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race\n1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size\n1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c\n1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism\n1448170 - RHEL6.9: sunrpc reconnect logic now may trigger a SYN storm when a TCP connection drops and a burst of RPC commands hit the transport\n1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c\n1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance\n1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance\n1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance\n1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors\n1497152 - systool causes panic on 2.6.32-696.6.3.el6.x86_64 using be2iscsi\n1520893 - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client\n1550811 - CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service\n1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service\n1560494 - i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686\n1566890 - CVE-2018-3639 hw: cpu: speculative store bypass\n1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash\n\n6. 7) - aarch64, noarch, ppc64le, s390x\n\n3. Description:\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit. (CVE-2018-3639)\n\nNote: This is the OpenJDK side of the CVE-2018-3639 mitigation. \n\nThe following packages have been upgraded to a later upstream version:\nrhevm-setup-plugins (3.6.7). Description:\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on a variety of architectures. The qemu-kvm-rhev packages provide the\nuser-space component for running virtual machines that use KVM in\nenvironments managed by Red Hat products. \n\nBug Fix(es):\n\n* Previously, using device passthrough for a SCSI-2 device failed and\nreturned an \"Illegal Request\" error. With this update, the QEMU emulator\nchecks the SCSI version of the device when performing passthrough. (BZ#1571370)\n \n* Under certain circumstances, resuming a paused guest generated redundant\n\"VIR_DOMAIN_PAUSED_UNKNOWN\" error messages in the libvirt log. This update\ncorrects the event sending order when resuming guests, which prevents the\nerrors being logged. (BZ#1588001)\n\n4. Once\nall virtual machines have shut down, start them again for this update to\ntake effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2018:2161-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2161\nIssue date: 2018-07-10\nCVE Names: CVE-2018-3639\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load \u0026 Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor\u0027s data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639, x86 AMD)\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting this issue. \n\nBug Fix(es):\n\n* When a Nonvolatile Memory Express (NVMe) namespace was created, changed,\nor deleted, an occasional deadlock occurred. With this update, namespace\nscanning and removal does not hold a mutual exclusion (mutex) program\nobject. As a result, a deadlock no longer occurs in the described scenario. \n(BZ#1566886)\n\n* Previously, a live migration of a virtual machine from one host with\nupdated firmware to another host without updated firmware resulted in\nincorrect kernel settings for Meltdown mitigations, which could leave the\nkernel vulnerable to Meltdown. With this fix, the firmware on the new\nphysical host is re-scanned for updates after a live migration. As a\nresult, the kernel uses the correct mitigation in the described scenario. \n(BZ#1570507)\n\n* Previously, microcode updates on 32 and 64-bit AMD and Intel\narchitectures were not synchronized. As a consequence, it was not possible\nto apply the microcode updates. This fix adds the synchronization to the\nmicrocode updates so that processors of the stated architectures receive\nupdates at the same time. As a result, microcode updates are now\nsynchronized. (BZ#1578044)\n\n* When switching from the indirect branch speculation (IBRS) feature to the\nretpolines feature, the IBRS state of some CPUs was sometimes not handled\ncorrectly. Consequently, some CPUs were left with the IBRS Model-Specific\nRegister (MSR) bit set to 1, which could lead to performance issues. With\nthis update, the underlying source code has been fixed to clear the IBRS\nMSR bits correctly, thus fixing the bug. (BZ#1586146)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix\nthese bugs. \n\nThe system must be rebooted for this update to take effect. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1566890 - CVE-2018-3639 hw: cpu: speculative store bypass\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.3):\n\nSource:\nkernel-3.10.0-514.53.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-514.53.1.el7.noarch.rpm\nkernel-doc-3.10.0-514.53.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debug-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-devel-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-headers-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-514.53.1.el7.x86_64.rpm\nperf-3.10.0-514.53.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\npython-perf-3.10.0-514.53.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-514.53.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nkernel-3.10.0-514.53.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-514.53.1.el7.noarch.rpm\nkernel-doc-3.10.0-514.53.1.el7.noarch.rpm\n\nppc64:\nkernel-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debug-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-devel-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-headers-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-tools-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-514.53.1.el7.ppc64.rpm\nperf-3.10.0-514.53.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\npython-perf-3.10.0-514.53.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\n\nppc64le:\nkernel-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-514.53.1.el7.ppc64le.rpm\nperf-3.10.0-514.53.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\npython-perf-3.10.0-514.53.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-514.53.1.el7.s390x.rpm\nkernel-debug-3.10.0-514.53.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-514.53.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-514.53.1.el7.s390x.rpm\nkernel-devel-3.10.0-514.53.1.el7.s390x.rpm\nkernel-headers-3.10.0-514.53.1.el7.s390x.rpm\nkernel-kdump-3.10.0-514.53.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-514.53.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-514.53.1.el7.s390x.rpm\nperf-3.10.0-514.53.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.s390x.rpm\npython-perf-3.10.0-514.53.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.s390x.rpm\n\nx86_64:\nkernel-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debug-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-devel-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-headers-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-514.53.1.el7.x86_64.rpm\nperf-3.10.0-514.53.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\npython-perf-3.10.0-514.53.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.3):\n\nppc64:\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-514.53.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-514.53.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-514.53.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3639\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW0Tt1NzjgjWX9erEAQjWjRAAqEnkLg83IXcDh/QVNDhAoM5gAh+OkfHJ\nLiuDz6CIHgDiv9K3BiG/dLNgL5caK11pxryqk/9kmtgoy6ClyqcrA2FNRIJMwugr\nPXTjAXNxekyn6gTX0I+8hSOulCZtkCRXmlUu79apvVT/eqQM6PfqjK02OjEL9uc8\n59jO7ZoWcv7GVJhu+06QoHaWAqGHBOYL9ufCVAXZH6dY3aS2dPM4UUcZpVxsP8X/\nHqXR/ciyXNPSQoGcR/waf/iZgx1pDIV6JXmdl/qlJXthohwa1ZwxD2qqEV3cM9uO\nXzXXVu9SD2D8cU4jClzIZ+XfM9J9dNl8j2YbZHaUs5IADNwqAIjPTb5leNhe6jqv\nomnbgOwkJ0mEOLeWBSpQhGxoq4rk4eUJLai1kcpw8MRa6RzOzTs+GHOxTpDfL681\nS7F8GjN6J4l0gbW+fOkley3gdMi/74cZcWA6jX/GcjJrtzhlFhRsUDZqd8Eb+F/g\nquqdBLQ9Vc81FRlMoCATOhuqHM1/eJUcySbY3r1A6bU9oUQShN+prvIV4z5/ag6o\nWIPN2ImSDaSBACJoCSEby8e2jXs689JLHgPPS0QVvuMQK7wdYGu8/7W++L7+5/It\nIkS2XQFetG9urfkgM/OMVzeybOiGVsai+JAJOTxFnTWPeyIFF5MJ2E31Q11Amdlp\nYF80GD/Rvjo=ltf/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nRHV-M 4.3 - noarch\n\n3. \nIt includes the configuration of the Red Hat Support plugin, copying\ndownstream-only artifacts to the ISO domain, and links to the knowledgebase\nand other support material. There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. Note: CVE-2017-5754 affects Intel\nx86-64 microprocessors. AMD x86-64 microprocessors are not affected by this\nissue. (CVE-2017-5754)\n\nBug Fix(es):\n\n* [CVE-2017-5754] Variant3: POWER {qemu-kvm-rhev} Add machine type variants\n(BZ#1559948)\n\n* add POWER 9 to the 4.2 cluster level (BZ#1574494)\n\n4. 6.6) - x86_64\n\n3. Description:\n\nThe libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3639"
},
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "PACKETSTORM",
"id": "147778"
},
{
"db": "PACKETSTORM",
"id": "150070"
},
{
"db": "PACKETSTORM",
"id": "148244"
},
{
"db": "PACKETSTORM",
"id": "151288"
},
{
"db": "PACKETSTORM",
"id": "147738"
},
{
"db": "PACKETSTORM",
"id": "147758"
},
{
"db": "PACKETSTORM",
"id": "148330"
},
{
"db": "PACKETSTORM",
"id": "148484"
},
{
"db": "PACKETSTORM",
"id": "152767"
},
{
"db": "PACKETSTORM",
"id": "150077"
},
{
"db": "PACKETSTORM",
"id": "147748"
},
{
"db": "PACKETSTORM",
"id": "150075"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-133670",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133670"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3639",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA18-141A",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#180049",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1040949",
"trust": 2.4
},
{
"db": "BID",
"id": "104232",
"trust": 2.3
},
{
"db": "LENOVO",
"id": "LEN-22133",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-268644",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1042004",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/10/5",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/10/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/10/2",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "44695",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-505225",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#584653",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152767",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-13391",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2340",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3058",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2798",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3052",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0077.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1025.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0854",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4156",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0726",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-30550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-749",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148484",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147748",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148330",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150077",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147738",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147778",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147758",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150075",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151288",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148581",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147839",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147756",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147931",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148323",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147751",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147755",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147873",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150073",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148656",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147779",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147734",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147767",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147719",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147737",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149127",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148614",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147752",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148751",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147780",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148842",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147740",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150078",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147938",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147760",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150074",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147736",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147904",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147930",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148507",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147739",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147851",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147934",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-133670",
"trust": 0.1
},
{
"db": "BID",
"id": "104228",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201805-748",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-133671",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148244",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "PACKETSTORM",
"id": "147778"
},
{
"db": "PACKETSTORM",
"id": "150070"
},
{
"db": "PACKETSTORM",
"id": "148244"
},
{
"db": "PACKETSTORM",
"id": "151288"
},
{
"db": "PACKETSTORM",
"id": "150075"
},
{
"db": "PACKETSTORM",
"id": "147738"
},
{
"db": "PACKETSTORM",
"id": "147758"
},
{
"db": "PACKETSTORM",
"id": "148330"
},
{
"db": "PACKETSTORM",
"id": "148484"
},
{
"db": "PACKETSTORM",
"id": "152767"
},
{
"db": "PACKETSTORM",
"id": "150077"
},
{
"db": "PACKETSTORM",
"id": "147748"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"id": "VAR-201805-0963",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
}
],
"trust": 1.4987851138095238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
}
]
},
"last_update_date": "2024-11-29T22:19:19.544000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patches for multiple CPUHardware information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/134555"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.2
},
{
"problemtype": "CWE-200",
"trust": 0.2
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"trust": 2.6,
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"trust": 2.6,
"url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
},
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
},
{
"trust": 2.5,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/104232"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"trust": 2.3,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"trust": 1.8,
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"trust": 1.8,
"url": "http://support.lenovo.com/us/en/solutions/len-22133"
},
{
"trust": 1.8,
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"trust": 1.8,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"trust": 1.8,
"url": "https://www.synology.com/support/security/synology_sa_18_23"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:1649"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:1653"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:1655"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:1689"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:1854"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2060"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2161"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2948"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3398"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3400"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0148"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1046"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1040949"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1042004"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/jun/36"
},
{
"trust": 1.7,
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"trust": 1.7,
"url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0"
},
{
"trust": 1.7,
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180012"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0004"
},
{
"trust": 1.7,
"url": "https://support.citrix.com/article/ctx235225"
},
{
"trust": 1.7,
"url": "https://support.oracle.com/knowledge/sun%20microsystems/2481872_1.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1629"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1630"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1632"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1633"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1635"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1636"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1637"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1638"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1639"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1640"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1641"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1642"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1643"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1644"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1645"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1646"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1647"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1648"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1650"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1651"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1652"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1654"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1656"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1657"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1658"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1659"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1660"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1661"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1662"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1663"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1664"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1665"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1666"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1667"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1668"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1669"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1674"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1675"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1676"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1686"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1688"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1690"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1696"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1710"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1711"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1737"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1738"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1826"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1965"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1967"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:1997"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2001"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2003"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2006"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2162"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2164"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2171"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2172"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2216"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2228"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2246"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2250"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2258"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2289"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2309"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2328"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2363"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2364"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2387"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2394"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2396"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3396"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3397"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3399"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3401"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3402"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3407"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3423"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3424"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3425"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"trust": 1.6,
"url": "https://support.apple.com//ht208394"
},
{
"trust": 1.6,
"url": "http://www.dell.com/support/speculative-store-bypass"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03850en_us"
},
{
"trust": 1.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2018-3639"
},
{
"trust": 1.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3639"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
},
{
"trust": 0.8,
"url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/584653"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/208.html"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
},
{
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-18-002"
},
{
"trust": 0.8,
"url": "https://support.hp.com/us-en/document/c06001626"
},
{
"trust": 0.8,
"url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
},
{
"trust": 0.8,
"url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc/?id=7022937"
},
{
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
},
{
"trust": 0.8,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
},
{
"trust": 0.8,
"url": "https://kb.vmware.com/s/article/54951"
},
{
"trust": 0.8,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
},
{
"trust": 0.6,
"url": "https://securitytracker.com/id/1040949"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190049-1/"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77958"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/73854"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180615-01-cpu-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76682"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152767/red-hat-security-advisory-2019-1046-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2798/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3052/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4156"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3058"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872470"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77246"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-30550"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
},
{
"trust": 0.2,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03850en_us"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5803"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/104228"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180013"
},
{
"trust": 0.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1120"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10883"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10877"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-13405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18208"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000026"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10877"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10883"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3658021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18075"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1118"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5390"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-13166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000026"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18208"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3553061"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10940"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1118"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1120"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6701"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-2671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-8830"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-9077"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2012-6701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9076"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-9076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8830"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-9075"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9075"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-6001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "PACKETSTORM",
"id": "147778"
},
{
"db": "PACKETSTORM",
"id": "150070"
},
{
"db": "PACKETSTORM",
"id": "148244"
},
{
"db": "PACKETSTORM",
"id": "151288"
},
{
"db": "PACKETSTORM",
"id": "150075"
},
{
"db": "PACKETSTORM",
"id": "147738"
},
{
"db": "PACKETSTORM",
"id": "147758"
},
{
"db": "PACKETSTORM",
"id": "148330"
},
{
"db": "PACKETSTORM",
"id": "148484"
},
{
"db": "PACKETSTORM",
"id": "152767"
},
{
"db": "PACKETSTORM",
"id": "150077"
},
{
"db": "PACKETSTORM",
"id": "147748"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"db": "VULHUB",
"id": "VHN-133670"
},
{
"db": "VULHUB",
"id": "VHN-133671"
},
{
"db": "PACKETSTORM",
"id": "147778"
},
{
"db": "PACKETSTORM",
"id": "150070"
},
{
"db": "PACKETSTORM",
"id": "148244"
},
{
"db": "PACKETSTORM",
"id": "151288"
},
{
"db": "PACKETSTORM",
"id": "150075"
},
{
"db": "PACKETSTORM",
"id": "147738"
},
{
"db": "PACKETSTORM",
"id": "147758"
},
{
"db": "PACKETSTORM",
"id": "148330"
},
{
"db": "PACKETSTORM",
"id": "148484"
},
{
"db": "PACKETSTORM",
"id": "152767"
},
{
"db": "PACKETSTORM",
"id": "150077"
},
{
"db": "PACKETSTORM",
"id": "147748"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-133670"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-133671"
},
{
"date": "2018-05-23T07:09:25",
"db": "PACKETSTORM",
"id": "147778"
},
{
"date": "2018-10-31T01:11:59",
"db": "PACKETSTORM",
"id": "150070"
},
{
"date": "2018-06-19T22:22:22",
"db": "PACKETSTORM",
"id": "148244"
},
{
"date": "2019-01-23T21:29:07",
"db": "PACKETSTORM",
"id": "151288"
},
{
"date": "2018-10-31T01:13:27",
"db": "PACKETSTORM",
"id": "150075"
},
{
"date": "2018-05-23T06:55:26",
"db": "PACKETSTORM",
"id": "147738"
},
{
"date": "2018-05-23T07:01:56",
"db": "PACKETSTORM",
"id": "147758"
},
{
"date": "2018-06-27T13:56:46",
"db": "PACKETSTORM",
"id": "148330"
},
{
"date": "2018-07-11T02:45:29",
"db": "PACKETSTORM",
"id": "148484"
},
{
"date": "2019-05-08T17:46:11",
"db": "PACKETSTORM",
"id": "152767"
},
{
"date": "2018-10-31T01:13:43",
"db": "PACKETSTORM",
"id": "150077"
},
{
"date": "2018-05-23T06:59:09",
"db": "PACKETSTORM",
"id": "147748"
},
{
"date": "2018-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"date": "2018-05-22T12:29:00.250000",
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-19T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13391"
},
{
"date": "2020-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-133670"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-133671"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-749"
},
{
"date": "2024-11-21T04:05:48.867000",
"db": "NVD",
"id": "CVE-2018-3639"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-749"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bypass",
"sources": [
{
"db": "PACKETSTORM",
"id": "147778"
},
{
"db": "PACKETSTORM",
"id": "151288"
},
{
"db": "PACKETSTORM",
"id": "150075"
},
{
"db": "PACKETSTORM",
"id": "147738"
},
{
"db": "PACKETSTORM",
"id": "147758"
},
{
"db": "PACKETSTORM",
"id": "148330"
},
{
"db": "PACKETSTORM",
"id": "148484"
},
{
"db": "PACKETSTORM",
"id": "150077"
},
{
"db": "PACKETSTORM",
"id": "147748"
}
],
"trust": 0.9
}
}
var-202108-2222
Vulnerability from variot
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary:
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)
-
curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)
-
curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925)
Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14
In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):
2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
-
8) - aarch64, ppc64le, s390x, x86_64
-
Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Summary:
The Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud 1887526 - "Stage" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage 1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error 1936886 - Service account token of existing remote cluster cannot be updated by using the web console 1936894 - "Ready" status of MigHook and MigPlan custom resources is not synchronized automatically 1949117 - "Migration plan resources" page displays a permanent error message when a migration plan is deleted from the backend 1951869 - MigPlan custom resource does not detect invalid source cluster reference 1968621 - Paused deployment config causes a migration to hang 1970338 - Parallel migrations fail because the initial backup is missing 1974737 - Migration plan name length in the "Migration plan" wizard is not validated 1975369 - "Debug view" link text on "Migration plans" page can be improved 1975372 - Destination namespace in MigPlan custom resource is not validated 1976895 - Namespace mapping cannot be changed using the Migration Plan wizard 1981810 - "Excluded" resources are not excluded from the migration 1982026 - Direct image migration fails if the source URI contains a double slash ("//") 1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list 1996169 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used 1996627 - MigPlan custom resource displays a "PvUsageAnalysisFailed" warning after a successful PVC migration 1996784 - "Migration resources" tree on the "Migration details" page is not displayed 1996902 - "Select all" checkbox on the "Namespaces" page of the "Migration plan" wizard remains selected after a namespace is unselected 1996904 - "Migration" dialogs on the "Migration plans" page display inconsistent capitalization 1996906 - "Migration details" page link is displayed for a migration plan with no associated migrations 1996938 - Search function on "Migration plans" page displays no results 1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during "StageBackup" phase 1997127 - Direct volume migration "retry" feature does not work correctly after a network failure 1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility 1997180 - "migration-log-reader" pod does not log invalid Rsync options 1997665 - Selected PVCs in the "State migration" dialog are reset because of background polling 1997694 - "Update operator" link on the "Clusters" page is incorrect 1997827 - "Migration plan" wizard displays PVC names incorrectly formatted after running state migration 1998062 - Rsync pod uses upstream image 1998283 - "Migration step details" link on the "Migrations" page does not work 1998550 - "Migration plan" wizard does not support certain screen resolutions 1998581 - "Migration details" link on "Migration plans" page displays "latestIsFailed" error 1999113 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 1999381 - MigPlan custom resource displays "Stage completed with warnings" status after successful migration 1999528 - Position of the "Add migration plan" button is different from the other "Add" buttons 1999765 - "Migrate" button on "State migration" dialog is enabled when no PVCs are selected 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000205 - "Options" menu on the "Migration details" page displays incorrect items 2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace 2000243 - "Migration plan" wizard does not allow a migration within the same cluster 2000644 - Invalid migration plan causes "controller" pod to crash 2000875 - State migration status on "Migrations" page displays "Stage succeeded" message 2000979 - "clusterIPs" parameter of "service" object can cause Velero errors 2001089 - Direct volume migration fails because of missing CA path configuration 2001173 - Migration plan requires two clusters 2001786 - Migration fails during "Stage Backup" step because volume path on host not found 2001829 - Migration does not complete when the namespace contains a cron job with a PVC 2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice 2002420 - "Stage" pod not created for completed application pod, causing the "mig-controller" to stall 2002608 - Migration of unmounted PVC fails during "StageBackup" phase 2002897 - Rollback migration does not complete when the namespace contains a cron job 2003603 - "View logs" dialog displays the "--selector" option, which does not print all logs 2004601 - Migration plan status on "Migration plans" page is "Ready" after migration completed with warnings 2004923 - Web console displays "New operator version available" notification for incorrect operator 2005143 - Combining Rsync and Stunnel in a single pod can degrade performance 2006316 - Web console cannot create migration plan in a proxy environment 2007175 - Web console cannot be launched in a proxy environment
- JIRA issues fixed (https://issues.jboss.org/):
MIG-785 - Search for "Crane" in the Operator Hub should display the Migration Toolkit for Containers
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.
Container updates:
-
RHACM 2.1.11 images (BZ# 1999375)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images
- Description:
Quay 3.6.0 release
Security Fix(es):
-
nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)
-
python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)
-
nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)
-
nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)
-
nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)
-
nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)
-
nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)
-
nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)
-
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
-
nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)
-
urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)
-
python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)
-
python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)
-
python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)
-
python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)
-
nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)
-
python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)
-
python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)
-
python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)
-
python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)
-
nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)
-
lodash: Prototype pollution in utilities function (CVE-2018-3721)
-
hoek: Prototype pollution in utilities function (CVE-2018-3728)
-
lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)
-
nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
-
python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service 1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service 1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function 1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function 1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format 1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js 1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties 1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block 1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL 1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read 1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow 1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure 1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise 1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise 1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c 1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c 1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack 1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c 1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container 1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container 1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container 1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install
- Bugs fixed (https://bugzilla.redhat.com/):
1858777 - Alert for VM with 'evictionStrategy: LiveMigrate' for local PVs set 1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC 1896469 - In cluster with OVN Kubernetes networking - a node doesn't recover when configuring linux-bridge over its default NIC 1903687 - [scale] 1K DV creation failed 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1933043 - Delete VM just after it turns into "running" is very likely to hit grace period end 1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments 1942726 - test automatic bug creation for a new release 1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 1945589 - Live migration with virtiofs is possible 1953481 - New OCP priority classes are not used - Deploy 1953483 - New OCP priority classes are not used - SSP 1953484 - New OCP priority classes are not used - Storage 1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner 1957852 - Could not start VM as restore snapshot was still not Complete 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled 1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 1973852 - Introduce VM crashloop backoff 1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade) 1976730 - Disk is not usable due to incorrect size for proper alignment 1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating 1979659 - 4.9.0 containers 1981345 - 4.9.0 rpms 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1985083 - VMI Pod fails to terminate due to a zombie qemu process 1985649 - virt-handler Pod is missing xorrisofs command 1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system 1985719 - Unprivileged client fails to get guest agent data 1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin 1989263 - VM Snapshot may freeze guest indefinitely 1989269 - Online VM Snapshot storing incorrect VM spec 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1991691 - Enable DownwardMetrics FeatureGate via HCO CR 1992608 - kubevirt doesn't respect useEmulation: true 1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/ 1994389 - Some of the cdi resources missing app labels 1995295 - SCC annotation of ssp-operator was changed to privileged 1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start 1997014 - Common templates - dataVolumeTemplates API version should be updated 1998054 - RHEL9 template - update template description. 1998656 - no "name" label in ssp-operator pod 1999571 - NFS clone not progressing when clone sizes mismatch (target > source) 1999617 - Unable to create a VM with nonroot VirtLauncher Pods 1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL 2000052 - NNCP creation failures after nmstate-handler pod deletion 2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots 2001041 - [4.9.0] Importer attempts to shrink an image in certain situations 2001047 - Automatic size detection may not request a PVC that is large enough for an import 2003473 - Failed to Migrate Windows VM with CDROM (readonly) 2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted 2006418 - Clone Strategy does not work as described 2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window 2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2011179 - Cluster-wide live migration limits and timeouts are not suitable 2017394 - After upgrade, live migration is Pending 2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade
- Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1998844 - virt-handler Pod is missing xorrisofs command 2008522 - "unable to execute QEMU agent command 'guest-get-users'" logs in virt-launcher pod every 10 seconds 2010334 - VM is not able to be migrated after failed migration 2012328 - 2.6.8 containers 2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance m804pb",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "simatic rtu3030c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance m816-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.22"
},
{
"model": "simatic rtu 3041c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "sinema remote connect",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "simatic rtu3010c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "logo\\! cmr2040",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ruggedcomrm 1224 lte",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic cp 1545-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "scalance m876-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "scalance m812-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "logo\\! cmr2020",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance mum856-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic rtu3031c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0.14"
},
{
"model": "scalance m876-4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.4"
},
{
"model": "scalance m874-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "siplus net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.22"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "scalance m874-3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.77.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.36"
},
{
"model": "scalance m826-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164555"
},
{
"db": "PACKETSTORM",
"id": "164755"
},
{
"db": "PACKETSTORM",
"id": "165008"
}
],
"trust": 0.8
},
"cve": "CVE-2021-22924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22924",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381398",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2021-22924",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22924",
"trust": 1.0,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-381398",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-dotnet31-curl security update\nAdvisory ID: RHSA-2022:1354-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1354\nIssue date: 2022-04-13\nCVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols\n2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL\n7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea\nC0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu\ntPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD\n9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU\nLvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe\ntof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy\nRh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA\nrlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T\ndA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz\nFoj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4\n04zDwrF/odg=o6o+\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen and Tomas Hoger discovered that curl incorrectly handled\nTELNET connections when the -t option was used on the command line. \nUninitialized data possibly containing sensitive information could be sent\nto the remote server, contrary to expectations. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. \n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n curl 7.74.0-1ubuntu2.1\n libcurl3-gnutls 7.74.0-1ubuntu2.1\n libcurl3-nss 7.74.0-1ubuntu2.1\n libcurl4 7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.6\n libcurl3-gnutls 7.68.0-1ubuntu2.6\n libcurl3-nss 7.68.0-1ubuntu2.6\n libcurl4 7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.14\n libcurl3-gnutls 7.58.0-2ubuntu3.14\n libcurl3-nss 7.58.0-2ubuntu3.14\n libcurl4 7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud\n1887526 - \"Stage\" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage\n1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error\n1936886 - Service account token of existing remote cluster cannot be updated by using the web console\n1936894 - \"Ready\" status of MigHook and MigPlan custom resources is not synchronized automatically\n1949117 - \"Migration plan resources\" page displays a permanent error message when a migration plan is deleted from the backend\n1951869 - MigPlan custom resource does not detect invalid source cluster reference\n1968621 - Paused deployment config causes a migration to hang\n1970338 - Parallel migrations fail because the initial backup is missing\n1974737 - Migration plan name length in the \"Migration plan\" wizard is not validated\n1975369 - \"Debug view\" link text on \"Migration plans\" page can be improved\n1975372 - Destination namespace in MigPlan custom resource is not validated\n1976895 - Namespace mapping cannot be changed using the Migration Plan wizard\n1981810 - \"Excluded\" resources are not excluded from the migration\n1982026 - Direct image migration fails if the source URI contains a double slash (\"//\")\n1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list\n1996169 - When \"None\" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used\n1996627 - MigPlan custom resource displays a \"PvUsageAnalysisFailed\" warning after a successful PVC migration\n1996784 - \"Migration resources\" tree on the \"Migration details\" page is not displayed\n1996902 - \"Select all\" checkbox on the \"Namespaces\" page of the \"Migration plan\" wizard remains selected after a namespace is unselected\n1996904 - \"Migration\" dialogs on the \"Migration plans\" page display inconsistent capitalization\n1996906 - \"Migration details\" page link is displayed for a migration plan with no associated migrations\n1996938 - Search function on \"Migration plans\" page displays no results\n1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during \"StageBackup\" phase\n1997127 - Direct volume migration \"retry\" feature does not work correctly after a network failure\n1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility\n1997180 - \"migration-log-reader\" pod does not log invalid Rsync options\n1997665 - Selected PVCs in the \"State migration\" dialog are reset because of background polling\n1997694 - \"Update operator\" link on the \"Clusters\" page is incorrect\n1997827 - \"Migration plan\" wizard displays PVC names incorrectly formatted after running state migration\n1998062 - Rsync pod uses upstream image\n1998283 - \"Migration step details\" link on the \"Migrations\" page does not work\n1998550 - \"Migration plan\" wizard does not support certain screen resolutions\n1998581 - \"Migration details\" link on \"Migration plans\" page displays \"latestIsFailed\" error\n1999113 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n1999381 - MigPlan custom resource displays \"Stage completed with warnings\" status after successful migration\n1999528 - Position of the \"Add migration plan\" button is different from the other \"Add\" buttons\n1999765 - \"Migrate\" button on \"State migration\" dialog is enabled when no PVCs are selected\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2000205 - \"Options\" menu on the \"Migration details\" page displays incorrect items\n2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace\n2000243 - \"Migration plan\" wizard does not allow a migration within the same cluster\n2000644 - Invalid migration plan causes \"controller\" pod to crash\n2000875 - State migration status on \"Migrations\" page displays \"Stage succeeded\" message\n2000979 - \"clusterIPs\" parameter of \"service\" object can cause Velero errors\n2001089 - Direct volume migration fails because of missing CA path configuration\n2001173 - Migration plan requires two clusters\n2001786 - Migration fails during \"Stage Backup\" step because volume path on host not found\n2001829 - Migration does not complete when the namespace contains a cron job with a PVC\n2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice\n2002420 - \"Stage\" pod not created for completed application pod, causing the \"mig-controller\" to stall\n2002608 - Migration of unmounted PVC fails during \"StageBackup\" phase\n2002897 - Rollback migration does not complete when the namespace contains a cron job\n2003603 - \"View logs\" dialog displays the \"--selector\" option, which does not print all logs\n2004601 - Migration plan status on \"Migration plans\" page is \"Ready\" after migration completed with warnings\n2004923 - Web console displays \"New operator version available\" notification for incorrect operator\n2005143 - Combining Rsync and Stunnel in a single pod can degrade performance\n2006316 - Web console cannot create migration plan in a proxy environment\n2007175 - Web console cannot be launched in a proxy environment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-785 - Search for \"Crane\" in the Operator Hub should display the Migration Toolkit for Containers\n\n6. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999375 - RHACM 2.1.11 images\n\n5. Description:\n\nQuay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error\nchecking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email\nformat (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object\nproperties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory\nexposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates\nallowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted\ntemplates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block\n(CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based\nbuffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in\nTiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n(CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS\nattack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker\nto pass controlled parameters directly into a convert function\n(CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in\nlib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial\nof service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer\nover-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service\n1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service\n1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function\n1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function\n1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format\n1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js\n1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties\n1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block\n1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL\n1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read\n1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow\n1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure\n1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise\n1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise\n1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c\n1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c\n1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack\n1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c\n1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container\n1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container\n1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container\n1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 - As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1858777 - Alert for VM with \u0027evictionStrategy: LiveMigrate\u0027 for local PVs set\n1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC\n1896469 - In cluster with OVN Kubernetes networking - a node doesn\u0027t recover when configuring linux-bridge over its default NIC\n1903687 - [scale] 1K DV creation failed\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1933043 - Delete VM just after it turns into \"running\" is very likely to hit grace period end\n1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments\n1942726 - test automatic bug creation for a new release\n1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n1945589 - Live migration with virtiofs is possible\n1953481 - New OCP priority classes are not used - Deploy\n1953483 - New OCP priority classes are not used - SSP\n1953484 - New OCP priority classes are not used - Storage\n1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner\n1957852 - Could not start VM as restore snapshot was still not Complete\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled\n1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n1973852 - Introduce VM crashloop backoff\n1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade)\n1976730 - Disk is not usable due to incorrect size for proper alignment\n1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating\n1979659 - 4.9.0 containers\n1981345 - 4.9.0 rpms\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1985083 - VMI Pod fails to terminate due to a zombie qemu process\n1985649 - virt-handler Pod is missing xorrisofs command\n1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system\n1985719 - Unprivileged client fails to get guest agent data\n1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin\n1989263 - VM Snapshot may freeze guest indefinitely\n1989269 - Online VM Snapshot storing incorrect VM spec\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1991691 - Enable DownwardMetrics FeatureGate via HCO CR\n1992608 - kubevirt doesn\u0027t respect useEmulation: true\n1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/\n1994389 - Some of the cdi resources missing app labels\n1995295 - SCC annotation of ssp-operator was changed to privileged\n1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start\n1997014 - Common templates - dataVolumeTemplates API version should be updated\n1998054 - RHEL9 template - update template description. \n1998656 - no \"name\" label in ssp-operator pod\n1999571 - NFS clone not progressing when clone sizes mismatch (target \u003e source)\n1999617 - Unable to create a VM with nonroot VirtLauncher Pods\n1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL\n2000052 - NNCP creation failures after nmstate-handler pod deletion\n2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots\n2001041 - [4.9.0] Importer attempts to shrink an image in certain situations\n2001047 - Automatic size detection may not request a PVC that is large enough for an import\n2003473 - Failed to Migrate Windows VM with CDROM (readonly)\n2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2006418 - Clone Strategy does not work as described\n2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window\n2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2011179 - Cluster-wide live migration limits and timeouts are not suitable\n2017394 - After upgrade, live migration is Pending\n2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1998844 - virt-handler Pod is missing xorrisofs command\n2008522 - \"unable to execute QEMU agent command \u0027guest-get-users\u0027\" logs in virt-launcher pod every 10 seconds\n2010334 - VM is not able to be migrated after failed migration\n2012328 - 2.6.8 containers\n2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22924"
},
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164555"
},
{
"db": "PACKETSTORM",
"id": "164755"
},
{
"db": "PACKETSTORM",
"id": "165008"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22924",
"trust": 2.2
},
{
"db": "SIEMENS",
"id": "SSA-732250",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "HACKERONE",
"id": "1223565",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165008",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164755",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164583",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381398",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22924",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164221",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164342",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164282",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164555",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164555"
},
{
"db": "PACKETSTORM",
"id": "164755"
},
{
"db": "PACKETSTORM",
"id": "165008"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"id": "VAR-202108-2222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
}
],
"trust": 0.7410993499999999
},
"last_update_date": "2024-11-29T22:22:49.365000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22924 log"
},
{
"title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
},
{
"title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
},
{
"title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
},
{
"title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
},
{
"title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
},
{
"title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-706",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1223565"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22922"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22923"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3653"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37576"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2021/q3/26"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/asa-202107-61"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41099"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3582"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/migration_toolkit_for_con"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1109"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-21270"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34552"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35653"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27921"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35654"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16138"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164555"
},
{
"db": "PACKETSTORM",
"id": "164755"
},
{
"db": "PACKETSTORM",
"id": "165008"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381398"
},
{
"db": "VULMON",
"id": "CVE-2021-22924"
},
{
"db": "PACKETSTORM",
"id": "166714"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "163637"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164221"
},
{
"db": "PACKETSTORM",
"id": "164342"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164555"
},
{
"db": "PACKETSTORM",
"id": "164755"
},
{
"db": "PACKETSTORM",
"id": "165008"
},
{
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381398"
},
{
"date": "2022-04-13T22:20:44",
"db": "PACKETSTORM",
"id": "166714"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2021-07-22T23:15:11",
"db": "PACKETSTORM",
"id": "163637"
},
{
"date": "2021-10-21T15:31:47",
"db": "PACKETSTORM",
"id": "164583"
},
{
"date": "2021-09-21T15:40:44",
"db": "PACKETSTORM",
"id": "164221"
},
{
"date": "2021-09-30T16:27:16",
"db": "PACKETSTORM",
"id": "164342"
},
{
"date": "2021-09-24T15:49:04",
"db": "PACKETSTORM",
"id": "164282"
},
{
"date": "2021-10-19T15:32:20",
"db": "PACKETSTORM",
"id": "164555"
},
{
"date": "2021-11-03T17:47:45",
"db": "PACKETSTORM",
"id": "164755"
},
{
"date": "2021-11-18T17:07:15",
"db": "PACKETSTORM",
"id": "165008"
},
{
"date": "2021-08-05T21:15:11.380000",
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-381398"
},
{
"date": "2024-03-27T15:11:45.923000",
"db": "NVD",
"id": "CVE-2021-22924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "163637"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-1354-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "166714"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "164583"
}
],
"trust": 0.1
}
}
var-202009-0304
Vulnerability from variot
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. CodeMeter Exists in a vulnerability related to same-origin policy violations.Information may be tampered with. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool.
Many Siemens products have security vulnerabilities. Attackers can use vulnerabilities to change or create license files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.00"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "7.00"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"cve": "CVE-2020-14519",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14519",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51241",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14519",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14519",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14519",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14519",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-51241",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-486",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. CodeMeter Exists in a vulnerability related to same-origin policy violations.Information may be tampered with. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. \n\r\n\r\nMany Siemens products have security vulnerabilities. Attackers can use vulnerabilities to change or create license files",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNVD",
"id": "CNVD-2020-51241"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14519",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51241",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"id": "VAR-202009-0304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
}
],
"trust": 1.0737775833333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
}
]
},
"last_update_date": "2024-11-23T20:54:05.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Multiple Siemens products verification error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/233347"
},
{
"title": "Wibu-Systems AG CodeMeter Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127907"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-346",
"trust": 1.0
},
{
"problemtype": "Same-origin policy violation (CWE-346) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14519"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-486"
},
{
"date": "2020-09-16T20:15:13.723000",
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"date": "2022-03-15T05:12:00",
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-486"
},
{
"date": "2024-11-21T05:03:26.710000",
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Vulnerability regarding same-origin policy violation in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
],
"trust": 0.6
}
}
var-201611-0180
Vulnerability from variot
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files*" or the localized equivalent). plural Siemens The product has an installation %PROGRAMFILES% If not using a directory, it is not enclosed in quotes Windows There are vulnerabilities whose privileges are obtained by the search path. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through the Trojan executable. Founded in 1847, Siemens AG of Germany focuses on the fields of electrification, automation and digitization. Siemens is a leader in offshore wind turbine construction, gas turbine and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drive and software solutions, and medical imaging equipment and laboratory diagnostics. There are privilege escalation vulnerabilities in many Siemens products. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simit",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "9.0"
},
{
"model": "softnet security client",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic wincc runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic step 7 \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5"
},
{
"model": "sinema server",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "telecontrol basic",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "softnet security client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc software",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.2"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.2"
},
{
"model": "security configuration tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2"
},
{
"model": "simatic it production suite",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "professional"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "8.2 until"
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 to 7.4"
},
{
"model": "sinema remote connect client",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3 upd 8"
},
{
"model": "simatic step 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "5.x"
},
{
"model": "primary setup tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic wincc tia portal",
"version": "*"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "75.x"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.3x"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.4x"
},
{
"model": "sinema server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2x"
},
{
"model": "simatic wincc sp2 sp2 upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.0\u003c7.012"
},
{
"model": "simatic wincc sp3 sp3 upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.0\u003c7.08"
},
{
"model": "simatic net pc-software",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c14"
},
{
"model": "simatic wincc basic",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc comfort",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc advanced",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc professional all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect client all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx f sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic it production suite all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "telecontrol server basic sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "softnet security client all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.0"
},
{
"model": "security configuration tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "primary setup tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "telecontrol basic",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "telecontrol server basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0-"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc comfort",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.41"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.32"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.31"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.29"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.28"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.21"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc upd11",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic winac rtx f sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic step tia portal sp1 upd1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step sp4 hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3 hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2 hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1 hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "telecontrol server basic sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc comfort",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc basic",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc advanced",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp3 upd",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.08"
},
{
"model": "simatic wincc sp2 upd",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.012"
},
{
"model": "simatic step tia portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic net pc-software",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primary setup tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security configuration tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic it production suite",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simit",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema remote connect",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "softnet security client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telecontrol basic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:primary_setup_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:security_configuration_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_it_production_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_winac_rtx_2010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_winac_rtx_f_2010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinema_remote_connect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinema_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:softnet_security_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:telecontrol_basic",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WATERSURE and KIANDRA IT",
"sources": [
{
"db": "BID",
"id": "94158"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7165",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-7165",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "CNVD-2016-10732",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-95985",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2016-7165",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7165",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-7165",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-10732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-301",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95985",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC IT Production Suite (All versions \u003c V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions \u003c V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions \u003c V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions \u003c V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions \u003c V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions \u003c V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1), SIMIT V9.0 (All versions \u003c V9.0 SP1), SINEMA Remote Connect Client (All versions \u003c V1.0 SP3), SINEMA Server (All versions \u003c V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions \u003c V4.3 HF1), TeleControl Server Basic (All versions \u003c V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent). plural Siemens The product has an installation %PROGRAMFILES% If not using a directory, it is not enclosed in quotes Windows There are vulnerabilities whose privileges are obtained by the search path. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through the Trojan executable. Founded in 1847, Siemens AG of Germany focuses on the fields of electrification, automation and digitization. Siemens is a leader in offshore wind turbine construction, gas turbine and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drive and software solutions, and medical imaging equipment and laboratory diagnostics. There are privilege escalation vulnerabilities in many Siemens products. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "VULHUB",
"id": "VHN-95985"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7165",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-313-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-701708",
"trust": 1.7
},
{
"db": "BID",
"id": "94158",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10732",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899",
"trust": 0.8
},
{
"db": "IVD",
"id": "B4D8EF0B-EEF6-4E09-9B80-86C9B1224D88",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-95985",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"id": "VAR-201611-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
}
],
"trust": 1.6015931965384618
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
}
]
},
"last_update_date": "2024-11-23T23:05:34.362000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-701708",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf"
},
{
"title": "Patch for a number of Siemens products with privilege escalation vulnerability (CNVD-2016-10732)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83616"
},
{
"title": "Multiple Siemens Product non-reference Windows Search path vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65670"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-313-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94158"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
},
{
"trust": 1.1,
"url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7165"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7165"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-16-313-02"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"date": "2016-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-95985"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94158"
},
{
"date": "2016-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"date": "2016-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"date": "2016-11-15T19:30:02.797000",
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-95985"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94158"
},
{
"date": "2016-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"date": "2024-11-21T02:57:37.740000",
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94158"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Vulnerability gained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
],
"trust": 0.8
}
}
var-202009-0303
Vulnerability from variot
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool.
Many Siemens products have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "6.90"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.90"
},
{
"model": "process historian",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic pcs neo",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"cve": "CVE-2020-14515",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14515",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2020-51243",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14515",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14515",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14515",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14515",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-51243",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-488",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool. \n\r\n\r\nMany Siemens products have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNVD",
"id": "CNVD-2020-51243"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14515",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51243",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"id": "VAR-202009-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
}
],
"trust": 1.3255275260000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
}
]
},
"last_update_date": "2024-11-23T20:45:00.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Improper password signature verification vulnerabilities in many Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/233341"
},
{
"title": "Wibu-Systems AG CodeMeter Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.0
},
{
"problemtype": "Improper verification of digital signatures (CWE-347) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14515"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-488"
},
{
"date": "2020-09-16T20:15:13.567000",
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"date": "2022-03-15T05:07:00",
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-488"
},
{
"date": "2024-11-21T05:03:26.193000",
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Digital Signature Verification Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
],
"trust": 0.6
}
}
var-202108-1048
Vulnerability from variot
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. SINEMA Remote Connect Client Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEMA Remote Connect Server is a set of remote network management platform of German Siemens (Siemens). The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinema remote connect",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "3.0 sp1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"cve": "CVE-2021-31338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31338",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-391086",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-31338",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31338",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31338",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31338",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1679",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-391086",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-31338",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391086"
},
{
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
},
{
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. SINEMA Remote Connect Client Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEMA Remote Connect Server is a set of remote network management platform of German Siemens (Siemens). The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "VULHUB",
"id": "VHN-391086"
},
{
"db": "VULMON",
"id": "CVE-2021-31338"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31338",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-816035",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1679",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-391086",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-31338",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391086"
},
{
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
},
{
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"id": "VAR-202108-1048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-391086"
}
],
"trust": 0.7818182
},
"last_update_date": "2024-08-14T14:31:39.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-816035",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf"
},
{
"title": "SINEMA Remote Connect Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160599"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=fca44ead56f8a2ad37bac49a2ac59b6c"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-15",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31338"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-816035.txt"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-391086"
},
{
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
},
{
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-391086"
},
{
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
},
{
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-391086"
},
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"date": "2022-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1679"
},
{
"date": "2021-08-19T16:15:12.243000",
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-391086"
},
{
"date": "2021-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31338"
},
{
"date": "2022-08-30T05:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-012376"
},
{
"date": "2021-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1679"
},
{
"date": "2021-08-26T11:52:17.950000",
"db": "NVD",
"id": "CVE-2021-31338"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SINEMA\u00a0Remote\u00a0Connect\u00a0Client\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012376"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1679"
}
],
"trust": 0.6
}
}
var-201602-0004
Vulnerability from variot
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system.
There is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control.
This update also fixes the following bugs:
-
The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270)
-
A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04989404
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04989404 Version: 3
HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-18 Last Updated: 2016-04-29
Potential Security Impact: Remote Arbitrary Code Execution, Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code.
- Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable.
References:
- CVE-2015-7547
- PSRT110035
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Helion Eucalyptus Node Controller 4.2.2 and earlier
- HPE Helion Eucalyptus Service components EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus.
-
All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS:
https://access.redhat.com/articles/2161461
RHEL Note: After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates takes effect for all services.
Workaround:
As a cloud administrator:
1) create an update-glibc script with the following content:
#! /bin/bash
yum update -y glibc
2) set the following cloud properties to use that script on instance start:
euctl services.imaging.worker.init_script=@update-glibc
euctl services.loadbalancing.worker.init_script=@update-glibc
This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account:
# euare-accountlist | grep loadbalancing
(eucalyptus)loadbalancing <accnt_id>
# euca-describe-instances verbose | grep <accnt_id>
And terminate them using euca-terminate-instances. New updated instances will be started automatically after that.
For the Imaging Service, the imaging worker needs to be terminated and started again:
# esi-manage-stack -a delete imaging
# esi-manage-stack -a create imaging
HISTORY Version:1 (rev.1) - 17 February 2016 Initial release Version:2 (rev.2) - 28 April 2016 Update Helion Eucalyptus Service EMI eucalyptus-service-image-1.57-0.93.110.el6 now available Version:2 (rev.2) - 28 April 2016 Update Helion Eucalyptus Service EMI eucalyptus-service-image-1.57-0.93.110.el6 now available Version:3 (rev.3) - 29 April 2016 Changed impacted version from 4.2.1 to 4.2.2 and earlier
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: glibc security update Advisory ID: RHSA-2016:0225-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0225.html Issue date: 2016-02-16 CVE Names: CVE-2015-7547 =====================================================================
- Summary:
Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)
This issue was discovered by the Google Security Team and Red Hat.
All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.6):
Source: glibc-2.12-1.149.el6_6.11.src.rpm
x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):
x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.17.src.rpm
x86_64: glibc-2.12-1.47.el6_2.17.i686.rpm glibc-2.12-1.47.el6_2.17.x86_64.rpm glibc-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-devel-2.12-1.47.el6_2.17.i686.rpm glibc-devel-2.12-1.47.el6_2.17.x86_64.rpm glibc-headers-2.12-1.47.el6_2.17.x86_64.rpm glibc-utils-2.12-1.47.el6_2.17.x86_64.rpm nscd-2.12-1.47.el6_2.17.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.9.src.rpm
x86_64: glibc-2.12-1.107.el6_4.9.i686.rpm glibc-2.12-1.107.el6_4.9.x86_64.rpm glibc-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-devel-2.12-1.107.el6_4.9.i686.rpm glibc-devel-2.12-1.107.el6_4.9.x86_64.rpm glibc-headers-2.12-1.107.el6_4.9.x86_64.rpm glibc-utils-2.12-1.107.el6_4.9.x86_64.rpm nscd-2.12-1.107.el6_4.9.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.7.src.rpm
x86_64: glibc-2.12-1.132.el6_5.7.i686.rpm glibc-2.12-1.132.el6_5.7.x86_64.rpm glibc-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-devel-2.12-1.132.el6_5.7.i686.rpm glibc-devel-2.12-1.132.el6_5.7.x86_64.rpm glibc-headers-2.12-1.132.el6_5.7.x86_64.rpm glibc-utils-2.12-1.132.el6_5.7.x86_64.rpm nscd-2.12-1.132.el6_5.7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: glibc-2.12-1.149.el6_6.11.src.rpm
i386: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-headers-2.12-1.149.el6_6.11.i686.rpm glibc-utils-2.12-1.149.el6_6.11.i686.rpm nscd-2.12-1.149.el6_6.11.i686.rpm
ppc64: glibc-2.12-1.149.el6_6.11.ppc.rpm glibc-2.12-1.149.el6_6.11.ppc64.rpm glibc-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-devel-2.12-1.149.el6_6.11.ppc.rpm glibc-devel-2.12-1.149.el6_6.11.ppc64.rpm glibc-headers-2.12-1.149.el6_6.11.ppc64.rpm glibc-utils-2.12-1.149.el6_6.11.ppc64.rpm nscd-2.12-1.149.el6_6.11.ppc64.rpm
s390x: glibc-2.12-1.149.el6_6.11.s390.rpm glibc-2.12-1.149.el6_6.11.s390x.rpm glibc-common-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-devel-2.12-1.149.el6_6.11.s390.rpm glibc-devel-2.12-1.149.el6_6.11.s390x.rpm glibc-headers-2.12-1.149.el6_6.11.s390x.rpm glibc-utils-2.12-1.149.el6_6.11.s390x.rpm nscd-2.12-1.149.el6_6.11.s390x.rpm
x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.17.src.rpm
x86_64: glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-static-2.12-1.47.el6_2.17.i686.rpm glibc-static-2.12-1.47.el6_2.17.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.9.src.rpm
x86_64: glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-static-2.12-1.107.el6_4.9.i686.rpm glibc-static-2.12-1.107.el6_4.9.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.7.src.rpm
x86_64: glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-static-2.12-1.132.el6_5.7.i686.rpm glibc-static-2.12-1.132.el6_5.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.6):
i386: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm
ppc64: glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-static-2.12-1.149.el6_6.11.ppc.rpm glibc-static-2.12-1.149.el6_6.11.ppc64.rpm
s390x: glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-static-2.12-1.149.el6_6.11.s390.rpm glibc-static-2.12-1.149.el6_6.11.s390x.rpm
x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):
Source: glibc-2.17-79.el7_1.4.src.rpm
x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):
x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: glibc-2.17-79.el7_1.4.src.rpm
ppc64: glibc-2.17-79.el7_1.4.ppc.rpm glibc-2.17-79.el7_1.4.ppc64.rpm glibc-common-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-devel-2.17-79.el7_1.4.ppc.rpm glibc-devel-2.17-79.el7_1.4.ppc64.rpm glibc-headers-2.17-79.el7_1.4.ppc64.rpm glibc-utils-2.17-79.el7_1.4.ppc64.rpm nscd-2.17-79.el7_1.4.ppc64.rpm
s390x: glibc-2.17-79.el7_1.4.s390.rpm glibc-2.17-79.el7_1.4.s390x.rpm glibc-common-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-devel-2.17-79.el7_1.4.s390.rpm glibc-devel-2.17-79.el7_1.4.s390x.rpm glibc-headers-2.17-79.el7_1.4.s390x.rpm glibc-utils-2.17-79.el7_1.4.s390x.rpm nscd-2.17-79.el7_1.4.s390x.rpm
x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: glibc-2.17-79.ael7b_1.4.src.rpm
ppc64le: glibc-2.17-79.ael7b_1.4.ppc64le.rpm glibc-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm glibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm glibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm nscd-2.17-79.ael7b_1.4.ppc64le.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.1):
ppc64: glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-static-2.17-79.el7_1.4.ppc.rpm glibc-static-2.17-79.el7_1.4.ppc64.rpm
s390x: glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-static-2.17-79.el7_1.4.s390.rpm glibc-static-2.17-79.el7_1.4.s390x.rpm
x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.1):
ppc64le: glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-static-2.17-79.ael7b_1.4.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z ZcaJTtI1osFTTkgVY6t05d0= =2Ia0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.17-i486-11_slack14.1.txz: Rebuilt. However, due to a patch applied to Slackware's glibc back in 2009 (don't use the gethostbyname4() lookup method as it was causing some cheap routers to misbehave), we were not vulnerable to that issue. Nevertheless it seems prudent to patch the overflows anyway even if we're not currently using the code in question. Thanks to mancha for the backported patch. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 ( Security fix ) patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz: Rebuilt. patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz: Rebuilt. patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz: Rebuilt. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.1 packages: 4c56432d638adc8098661cfa818b5bc9 glibc-2.17-i486-11_slack14.1.txz 5c316d6b0a8970fe15fbdf2adff8de19 glibc-i18n-2.17-i486-11_slack14.1.txz a937d842e5ca3d0b125230c23285f8f4 glibc-profile-2.17-i486-11_slack14.1.txz 442f01d094d350612c1fb1fcb5e7fbe7 glibc-solibs-2.17-i486-11_slack14.1.txz
Slackware x86_64 14.1 packages: eec88d584a79909ec79aae1c43c330d3 glibc-2.17-x86_64-11_slack14.1.txz d8b396eb6ada65d1555e3cf0fb8246c2 glibc-i18n-2.17-x86_64-11_slack14.1.txz e7deaabfe3e467cbde10ba5b7748bbbb glibc-profile-2.17-x86_64-11_slack14.1.txz 629c93f0e510d354ff66e61f1ebe8b67 glibc-solibs-2.17-x86_64-11_slack14.1.txz
Slackware -current packages: b11873e4f851a600b57a2e7a2ac8f472 a/glibc-solibs-2.23-i586-1.txz 5116eec63fab5e7dbc58d27fecd48684 l/glibc-2.23-i586-1.txz ae9b8a8e4ead59aa398212d6893d7ddc l/glibc-i18n-2.23-i586-1.txz 61154e43ee4c0739dd5d3c4ce3b60ae6 l/glibc-profile-2.23-i586-1.txz
Slackware x86_64 -current packages: c48a55c8a39dc8e17e04796e4f160bd0 a/glibc-solibs-2.23-x86_64-1.txz 36104e1a004b0e97d193c2132f18222d l/glibc-2.23-x86_64-1.txz e0415f66d17323c8f6df339cfd49051b l/glibc-i18n-2.23-x86_64-1.txz f5433793e9da696a60f2445559f1d33f l/glibc-profile-2.23-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg glibc-*.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory < 20190904-0 > ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15 fixed version: see "Solution" CVE number: - impact: High homepage: https://www.cisco.com/ found: 2019-05-15 by: T. Weber, S. Viehböck (Office Vienna) IoT Inspector SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
"Securely connecting your small business to the outside world is as important as connecting your internal network devices to one another. Cisco Small Business RV Series Routers offer virtual private networking (VPN) technology so your remote workers can connect to your network through a secure Internet pathway."
Source: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html
Business recommendation:
We want to thank Cisco for the very quick and professional response and great coordination. Customers are urged to update the firmware of their devices.
Vulnerability overview/description:
1) Hardcoded Credentials The device contains hardcoded users and passwords which can be used to login via SSH on an emulated device at least.
During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.
2) Known GNU glibc Vulnerabilities The used GNU glibc in version 2.19 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector.
3) Known BusyBox Vulnerabilities The used BusyBox toolkit in version 1.23.2 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2017-16544) was verified by using the MEDUSA scaleable firmware runtime.
4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot
Proof of concept:
1) Hardcoded Credentials The following hardcoded hashes were found in the 'shadow' file of the firmware: root:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7::: debug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7::: [...]
The undocumented user 'debug-admin' is also contained in this file.
Starting the dropbear daemon as background process on emulated firmware:
dropbear -E
[1109] Running in background
[1112] Child connection from :52718
[1112] /var must be owned by user or root, and not writable by others [1112] Password auth succeeded for 'debug-admin' from :52718
Log on via another host connected to the same network. For this PoC the password of the debug-admin was changed in the 'shadow' file.
[root@localhost medusa]# ssh debug-admin@ /bin/ash -i debug-admin@'s password: /bin/ash: can't access tty; job control turned off
BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)
/tmp $
The 'debug-admin' user has the same privileges like 'root'. This can be determined from the corresponding sudoers file in the firmware: [...]
User privilege specification
root ALL=(ALL) ALL debug-admin ALL=(ALL) ALL
Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
[...]
During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.
2) Known GNU glibc Vulnerabilities GNU glibc version 2.19 contains multiple CVEs like: CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-8778, CVE-2015-8779, CVE-2017-1000366 and more. It was compiled and executed on the emulated device to test the system.
python cve-2015-7547-poc.py &
[1] 961
chroot /medusa_rootfs/ bin/ash
BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)
gdb cve-2015-7547_glibc_getaddrinfo
[...] [UDP] Total Data len recv 36 [UDP] Total Data len recv 36 Connected with 127.0.0.1:41782 [TCP] Total Data len recv 76 [TCP] Request1 len recv 36 [TCP] Request2 len recv 36 Cannot access memory at address 0x4
Program received signal SIGSEGV, Segmentation fault. 0x76f1fd58 in ?? () from /lib/libc.so.6 (gdb)
References: https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547
3) Known BusyBox Vulnerabilities BusyBox version 1.23.2 contains multiple CVEs like: CVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679, CVE-2017-16544 and CVE-2019-5747. The BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on an emulated device:
A file with the name "\ectest\n\e]55;test.txt\a" was created to trigger the vulnerability.
ls "pressing "
test ]55;test.txt
4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot
The summary is below: IoT Inspector Vulnerability #1 BusyBox CVE entries Outdated BusyBox version is affected by 7 published CVEs.
IoT Inspector Vulnerability #2 curl CVE entries Outdated curl version is affected by 35 published CVEs.
IoT Inspector Vulnerability #3 GNU glibc CVE entries Outdated GNU glibc version is affected by 44 published CVEs.
IoT Inspector Vulnerability #5 Hardcoded password hashes Firmware contains multiple hardcoded credentials.
IoT Inspector Vulnerability #6 Linux Kernel CVE entries Outdated Linux Kernel version affected by 512 published CVEs.
IoT Inspector Vulnerability #7 MiniUPnPd CVE entries Outdated MiniUPnPd version affected by 2 published CVEs.
IoT Inspector Vulnerability #8 Dnsmasq CVE entries Outdated MiniUPnPd version affected by 1 published CVE.
IoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation “pp_key” Outdated Linux Kernel version is affected by CVE-2015-7547.
IoT Inspector Vulnerability #10 OpenSSL CVE entries Outdated OpenSSL version affected by 6 published CVEs.
Vulnerable / tested versions:
The following firmware versions have been tested with IoT Inspector and firmware emulation techniques: Cisco RV340 / 1.0.02.16 Cisco RV340W / 1.0.02.16 Cisco RV345 / 1.0.02.16 Cisco RV345P / 1.0.02.16 The following firmware versions have been tested with IoT Inspector only: Cisco RV260 / 1.0.00.15 Cisco RV260P / 1.0.00.15 Cisco RV260W / 1.0.00.15 Cisco RV160 / 1.0.00.15 Cisco RV160P / 1.0.00.15
The firmware was obtained from the vendor website: https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16 https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15
Vendor contact timeline:
2019-05-15: Contacting vendor through psirt@cisco.com. 2019-05-16: Vendor confirmed the receipt. 2019-05-2019-08: Periodic updates about the investigation from the vendor. Clarification which of the reported issues will be fixed. 2019-08-20: The vendor proposed the next possible publication date for the advisory for 2019-09-04. The vendor added the RV160 and RV260 router series to be vulnerable to the same issues too. 2019-09-04: Coordinated advisory release.
Solution:
Upgrade to the newest available firmware version.
Additionally, the vendor provides the following security notice: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter
Workaround:
None.
Advisory URL:
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult Europe | Asia | North America
About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF T. Weber / @2019
.
The first vulnerability listed below is considered to have critical impact.
CVE-2015-7547
The Google Security Team and Red Hat discovered that the glibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.
CVE-2015-8776
Adam Nielsen discovered that if an invalid separated time value
is passed to strftime, the strftime function could crash or leak
information. Applications normally pass only valid time
information to strftime; no affected applications are known.
CVE-2015-8778
Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
functions did not check the size argument properly, leading to a
crash (denial of service) for certain arguments. No impacted
applications are known at this time.
CVE-2015-8779
The catopen function contains several unbound stack allocations
(stack overflows), causing it the crash the process (denial of
service). No applications where this issue has a security impact
are currently known.
While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade.
For the stable distribution (jessie), these problems have been fixed in version 2.19-18+deb8u3.
For the unstable distribution (sid), these problems will be fixed in version 2.21-8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 2.0,
"vendor": "suse",
"version": "12"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.19"
},
{
"model": "unified threat management software",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "9.319"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.1.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.21"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.10.1"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.14.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.18"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "server migration pack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "7.5"
},
{
"model": "unified threat management software",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "9.355"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "2.1.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.20"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "2.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.13"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12.1"
},
{
"model": "fujitsu m10",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2290"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.9"
},
{
"model": "enterprise linux hpc node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.14"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.3"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.22"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.15"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.17"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.16"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "glibc",
"scope": "gt",
"trust": 0.6,
"vendor": "gnu",
"version": "2.9"
},
{
"model": "ape",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "basic rt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "rox ii os",
"scope": "gte",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.3.0\u003c=v2.9.0"
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "sinema remote connect",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135971"
}
],
"trust": 0.4
},
"cve": "CVE-2015-7547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7547",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01100",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85508",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2015-7547",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7547",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85508",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. \n\nThere is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. \n\nThis update also fixes the following bugs:\n\n* The dynamic loader has been enhanced to allow the loading of more shared\nlibraries that make use of static thread local storage. While static thread\nlocal storage is the fastest access mechanism it may also prevent the\nshared library from being loaded at all since the static storage space is a\nlimited and shared process-global resource. Applications which would\npreviously fail with \"dlopen: cannot load any more object with static TLS\"\nshould now start up correctly. (BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of large\nthread-local storage data that exceeded PTHREAD_STACK_MIN in size\n(generally 16 KiB). The bug in librt has been corrected and the impacted\nAPIs no longer return errors when large thread-local storage data is\npresent in the application. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04989404\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04989404\nVersion: 3\n\nHPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion\nEucalyptus Components using glibc, Remote Arbitrary Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-18\nLast Updated: 2016-04-29\n\nPotential Security Impact: Remote Arbitrary Code Execution, Denial of Service\n(DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in glibc has been addressed with HPE Helion\nEucalyptus Node Controller and other Helion Eucalyptus components. The\nvulnerability could be exploited remotely resulting in arbitrary execution of\ncode. \n\n - Helion Eucalyptus Node Controller (NC) components are confirmed to be\naffected by the vulnerability. Other Helion Eucalyptus components and\npre-bundled service EMIs do not directly expose the vulnerability, but\nbecause glibc is a commonly used library on Linux, the exact exposure is hard\nto determine. Any software performing domain name resolution is potentially\nvulnerable. \n\nReferences:\n\n - CVE-2015-7547\n - PSRT110035\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Helion Eucalyptus Node Controller 4.2.2 and earlier\n - HPE Helion Eucalyptus Service components EMIs for Load Balancing and\nImaging services package \"eucalyptus-service-image-1.48-0.87.99\" and earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has made the following software updates and workaround information\navailable to resolve the vulnerability with glibc for HPE Helion Eucalyptus. \n\n+ All hosts running HPE Helion Eucalyptus services should be upgraded to the\nlatest glibc. Updated glibc packages are available for RHEL and CentOS:\n\n https://access.redhat.com/articles/2161461\n\n **RHEL Note:** After following the guidelines for RHEL, a reboot is the\nsafest and recommended way to ensure that updates takes effect for all\nservices. \n\n**Workaround:**\n\n As a cloud administrator:\n\n 1) create an update-glibc script with the following content:\n\n #! /bin/bash\n yum update -y glibc\n\n 2) set the following cloud properties to use that script on instance start:\n\n euctl services.imaging.worker.init_script=@update-glibc\n euctl services.loadbalancing.worker.init_script=@update-glibc\n\n This script will be automatically executed for each of the new instances\nstarted from the service image. For instances that are already\nrunning, the cloud administrator will need to terminate them and start again\nfor the script to take effect. More specifically, for the Load Balancing\nservice, the cloud admin needs to find all instances running under the\n\"(eucalyptus)loadbalancing\" account:\n\n # euare-accountlist | grep loadbalancing\n (eucalyptus)loadbalancing \u003caccnt_id\u003e\n\n # euca-describe-instances verbose | grep \u003caccnt_id\u003e\n\n And terminate them using euca-terminate-instances. New updated instances\nwill be started automatically after that. \n\n For the Imaging Service, the imaging worker needs to be terminated and\nstarted again:\n\n # esi-manage-stack -a delete imaging\n # esi-manage-stack -a create imaging\n\nHISTORY\nVersion:1 (rev.1) - 17 February 2016 Initial release Version:2 (rev.2) - 28\nApril 2016 Update Helion Eucalyptus Service EMI\neucalyptus-service-image-1.57-0.93.110.el6 now available\nVersion:2 (rev.2) - 28 April 2016 Update Helion Eucalyptus Service EMI\neucalyptus-service-image-1.57-0.93.110.el6 now available\nVersion:3 (rev.3) - 29 April 2016 Changed impacted version from 4.2.1 to\n4.2.2 and earlier\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: glibc security update\nAdvisory ID: RHSA-2016:0225-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0225.html\nIssue date: 2016-02-16\nCVE Names: CVE-2015-7547 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 and 7.1 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nA stack-based buffer overflow was found in the way the libresolv library\nperformed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the\nnss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat. \n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6):\n\nSource:\nglibc-2.12-1.149.el6_6.11.src.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.11.i686.rpm\nglibc-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.11.i686.rpm\nglibc-devel-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.11.x86_64.rpm\nnscd-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.11.i686.rpm\nglibc-static-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nglibc-2.12-1.47.el6_2.17.src.rpm\n\nx86_64:\nglibc-2.12-1.47.el6_2.17.i686.rpm\nglibc-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-common-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-devel-2.12-1.47.el6_2.17.i686.rpm\nglibc-devel-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-headers-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-utils-2.12-1.47.el6_2.17.x86_64.rpm\nnscd-2.12-1.47.el6_2.17.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nglibc-2.12-1.107.el6_4.9.src.rpm\n\nx86_64:\nglibc-2.12-1.107.el6_4.9.i686.rpm\nglibc-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-common-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-devel-2.12-1.107.el6_4.9.i686.rpm\nglibc-devel-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-headers-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-utils-2.12-1.107.el6_4.9.x86_64.rpm\nnscd-2.12-1.107.el6_4.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.7.src.rpm\n\nx86_64:\nglibc-2.12-1.132.el6_5.7.i686.rpm\nglibc-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-common-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-devel-2.12-1.132.el6_5.7.i686.rpm\nglibc-devel-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-headers-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-utils-2.12-1.132.el6_5.7.x86_64.rpm\nnscd-2.12-1.132.el6_5.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nglibc-2.12-1.149.el6_6.11.src.rpm\n\ni386:\nglibc-2.12-1.149.el6_6.11.i686.rpm\nglibc-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-devel-2.12-1.149.el6_6.11.i686.rpm\nglibc-headers-2.12-1.149.el6_6.11.i686.rpm\nglibc-utils-2.12-1.149.el6_6.11.i686.rpm\nnscd-2.12-1.149.el6_6.11.i686.rpm\n\nppc64:\nglibc-2.12-1.149.el6_6.11.ppc.rpm\nglibc-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-common-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-devel-2.12-1.149.el6_6.11.ppc.rpm\nglibc-devel-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-headers-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-utils-2.12-1.149.el6_6.11.ppc64.rpm\nnscd-2.12-1.149.el6_6.11.ppc64.rpm\n\ns390x:\nglibc-2.12-1.149.el6_6.11.s390.rpm\nglibc-2.12-1.149.el6_6.11.s390x.rpm\nglibc-common-2.12-1.149.el6_6.11.s390x.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm\nglibc-devel-2.12-1.149.el6_6.11.s390.rpm\nglibc-devel-2.12-1.149.el6_6.11.s390x.rpm\nglibc-headers-2.12-1.149.el6_6.11.s390x.rpm\nglibc-utils-2.12-1.149.el6_6.11.s390x.rpm\nnscd-2.12-1.149.el6_6.11.s390x.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.11.i686.rpm\nglibc-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.11.i686.rpm\nglibc-devel-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.11.x86_64.rpm\nnscd-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2):\n\nSource:\nglibc-2.12-1.47.el6_2.17.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-static-2.12-1.47.el6_2.17.i686.rpm\nglibc-static-2.12-1.47.el6_2.17.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\nglibc-2.12-1.107.el6_4.9.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-static-2.12-1.107.el6_4.9.i686.rpm\nglibc-static-2.12-1.107.el6_4.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.7.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-static-2.12-1.132.el6_5.7.i686.rpm\nglibc-static-2.12-1.132.el6_5.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.6):\n\ni386:\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-static-2.12-1.149.el6_6.11.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-static-2.12-1.149.el6_6.11.ppc.rpm\nglibc-static-2.12-1.149.el6_6.11.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm\nglibc-static-2.12-1.149.el6_6.11.s390.rpm\nglibc-static-2.12-1.149.el6_6.11.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.11.i686.rpm\nglibc-static-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1):\n\nSource:\nglibc-2.17-79.el7_1.4.src.rpm\n\nx86_64:\nglibc-2.17-79.el7_1.4.i686.rpm\nglibc-2.17-79.el7_1.4.x86_64.rpm\nglibc-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-devel-2.17-79.el7_1.4.i686.rpm\nglibc-devel-2.17-79.el7_1.4.x86_64.rpm\nglibc-headers-2.17-79.el7_1.4.x86_64.rpm\nglibc-utils-2.17-79.el7_1.4.x86_64.rpm\nnscd-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):\n\nx86_64:\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-static-2.17-79.el7_1.4.i686.rpm\nglibc-static-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nglibc-2.17-79.el7_1.4.src.rpm\n\nppc64:\nglibc-2.17-79.el7_1.4.ppc.rpm\nglibc-2.17-79.el7_1.4.ppc64.rpm\nglibc-common-2.17-79.el7_1.4.ppc64.rpm\nglibc-debuginfo-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm\nglibc-devel-2.17-79.el7_1.4.ppc.rpm\nglibc-devel-2.17-79.el7_1.4.ppc64.rpm\nglibc-headers-2.17-79.el7_1.4.ppc64.rpm\nglibc-utils-2.17-79.el7_1.4.ppc64.rpm\nnscd-2.17-79.el7_1.4.ppc64.rpm\n\ns390x:\nglibc-2.17-79.el7_1.4.s390.rpm\nglibc-2.17-79.el7_1.4.s390x.rpm\nglibc-common-2.17-79.el7_1.4.s390x.rpm\nglibc-debuginfo-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-2.17-79.el7_1.4.s390x.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm\nglibc-devel-2.17-79.el7_1.4.s390.rpm\nglibc-devel-2.17-79.el7_1.4.s390x.rpm\nglibc-headers-2.17-79.el7_1.4.s390x.rpm\nglibc-utils-2.17-79.el7_1.4.s390x.rpm\nnscd-2.17-79.el7_1.4.s390x.rpm\n\nx86_64:\nglibc-2.17-79.el7_1.4.i686.rpm\nglibc-2.17-79.el7_1.4.x86_64.rpm\nglibc-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-devel-2.17-79.el7_1.4.i686.rpm\nglibc-devel-2.17-79.el7_1.4.x86_64.rpm\nglibc-headers-2.17-79.el7_1.4.x86_64.rpm\nglibc-utils-2.17-79.el7_1.4.x86_64.rpm\nnscd-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nglibc-2.17-79.ael7b_1.4.src.rpm\n\nppc64le:\nglibc-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-common-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm\nnscd-2.17-79.ael7b_1.4.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.1):\n\nppc64:\nglibc-debuginfo-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm\nglibc-static-2.17-79.el7_1.4.ppc.rpm\nglibc-static-2.17-79.el7_1.4.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-2.17-79.el7_1.4.s390x.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm\nglibc-static-2.17-79.el7_1.4.s390.rpm\nglibc-static-2.17-79.el7_1.4.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-static-2.17-79.el7_1.4.i686.rpm\nglibc-static-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.1):\n\nppc64le:\nglibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-static-2.17-79.ael7b_1.4.ppc64le.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7547\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/articles/2161461\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z\nZcaJTtI1osFTTkgVY6t05d0=\n=2Ia0\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/glibc-2.17-i486-11_slack14.1.txz: Rebuilt. However,\n due to a patch applied to Slackware\u0027s glibc back in 2009 (don\u0027t use the\n gethostbyname4() lookup method as it was causing some cheap routers to\n misbehave), we were not vulnerable to that issue. Nevertheless it seems\n prudent to patch the overflows anyway even if we\u0027re not currently using\n the code in question. Thanks to mancha for the backported patch. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547\n (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz: Rebuilt. \npatches/packages/glibc-profile-2.17-i486-11_slack14.1.txz: Rebuilt. \npatches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz: Rebuilt. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.1 packages:\n4c56432d638adc8098661cfa818b5bc9 glibc-2.17-i486-11_slack14.1.txz\n5c316d6b0a8970fe15fbdf2adff8de19 glibc-i18n-2.17-i486-11_slack14.1.txz\na937d842e5ca3d0b125230c23285f8f4 glibc-profile-2.17-i486-11_slack14.1.txz\n442f01d094d350612c1fb1fcb5e7fbe7 glibc-solibs-2.17-i486-11_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\neec88d584a79909ec79aae1c43c330d3 glibc-2.17-x86_64-11_slack14.1.txz\nd8b396eb6ada65d1555e3cf0fb8246c2 glibc-i18n-2.17-x86_64-11_slack14.1.txz\ne7deaabfe3e467cbde10ba5b7748bbbb glibc-profile-2.17-x86_64-11_slack14.1.txz\n629c93f0e510d354ff66e61f1ebe8b67 glibc-solibs-2.17-x86_64-11_slack14.1.txz\n\nSlackware -current packages:\nb11873e4f851a600b57a2e7a2ac8f472 a/glibc-solibs-2.23-i586-1.txz\n5116eec63fab5e7dbc58d27fecd48684 l/glibc-2.23-i586-1.txz\nae9b8a8e4ead59aa398212d6893d7ddc l/glibc-i18n-2.23-i586-1.txz\n61154e43ee4c0739dd5d3c4ce3b60ae6 l/glibc-profile-2.23-i586-1.txz\n\nSlackware x86_64 -current packages:\nc48a55c8a39dc8e17e04796e4f160bd0 a/glibc-solibs-2.23-x86_64-1.txz\n36104e1a004b0e97d193c2132f18222d l/glibc-2.23-x86_64-1.txz\ne0415f66d17323c8f6df339cfd49051b l/glibc-i18n-2.23-x86_64-1.txz\nf5433793e9da696a60f2445559f1d33f l/glibc-profile-2.23-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg glibc-*.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory \u003c 20190904-0 \u003e\n=======================================================================\n title: Multiple vulnerabilities\n product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,\n Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,\n Cisco 160W\n vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15\n fixed version: see \"Solution\"\n CVE number: -\n impact: High\n homepage: https://www.cisco.com/\n found: 2019-05-15\n by: T. Weber, S. Viehb\u00f6ck (Office Vienna)\n IoT Inspector\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Securely connecting your small business to the outside world is as important\nas connecting your internal network devices to one another. Cisco Small\nBusiness RV Series Routers offer virtual private networking (VPN) technology\nso your remote workers can connect to your network through a secure Internet\npathway.\"\n\nSource: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html\n\n\nBusiness recommendation:\n------------------------\nWe want to thank Cisco for the very quick and professional response and great\ncoordination. Customers are urged to update the firmware of their devices. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Hardcoded Credentials\nThe device contains hardcoded users and passwords which can be used to login\nvia SSH on an emulated device at least. \n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. \n\n2) Known GNU glibc Vulnerabilities\nThe used GNU glibc in version 2.19 is outdated and contains multiple known\nvulnerabilities. The outdated version was found by IoT Inspector. \n\n3) Known BusyBox Vulnerabilities\nThe used BusyBox toolkit in version 1.23.2 is outdated and contains multiple\nknown vulnerabilities. The outdated version was found by IoT Inspector. \nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using\nthe MEDUSA scaleable firmware runtime. \n\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\n\nProof of concept:\n-----------------\n1) Hardcoded Credentials\nThe following hardcoded hashes were found in the \u0027shadow\u0027 file of the firmware:\nroot:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7:::\ndebug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7:::\n[...]\n\nThe undocumented user \u0027debug-admin\u0027 is also contained in this file. \n\nStarting the dropbear daemon as background process on emulated firmware:\n-------------------------------------------------------------------------------\n# dropbear -E\n# [1109] \u003ctimestamp\u003e Running in background\n#\n# [1112] \u003ctimestamp\u003e Child connection from \u003cIP\u003e:52718\n[1112] \u003ctimestamp\u003e /var must be owned by user or root, and not writable by others\n[1112] \u003ctimestamp\u003e Password auth succeeded for \u0027debug-admin\u0027 from \u003cIP\u003e:52718\n-------------------------------------------------------------------------------\n\nLog on via another host connected to the same network. For this PoC the\npassword of the debug-admin was changed in the \u0027shadow\u0027 file. \n-------------------------------------------------------------------------------\n[root@localhost medusa]# ssh debug-admin@\u003cIP\u003e /bin/ash -i\ndebug-admin@\u003cIP\u003e\u0027s password:\n/bin/ash: can\u0027t access tty; job control turned off\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n/tmp $\n-------------------------------------------------------------------------------\n\nThe \u0027debug-admin\u0027 user has the same privileges like \u0027root\u0027. This can be\ndetermined from the corresponding sudoers file in the firmware:\n[...]\n## User privilege specification\n##\nroot ALL=(ALL) ALL\ndebug-admin ALL=(ALL) ALL\n\n## Uncomment to allow members of group wheel to execute any command\n# %wheel ALL=(ALL) ALL\n[...]\n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. \n\n2) Known GNU glibc Vulnerabilities\nGNU glibc version 2.19 contains multiple CVEs like:\nCVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472,\nCVE-2015-5277, CVE-2015-8778, CVE-2015-8779, CVE-2017-1000366 and more. It was compiled\nand executed on the emulated device to test the system. \n\n# python cve-2015-7547-poc.py \u0026\n[1] 961\n# chroot /medusa_rootfs/ bin/ash\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n# gdb cve-2015-7547_glibc_getaddrinfo\n[...]\n[UDP] Total Data len recv 36\n[UDP] Total Data len recv 36\nConnected with 127.0.0.1:41782\n[TCP] Total Data len recv 76\n[TCP] Request1 len recv 36\n[TCP] Request2 len recv 36\nCannot access memory at address 0x4\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x76f1fd58 in ?? () from /lib/libc.so.6\n(gdb)\n\nReferences:\nhttps://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\nhttps://github.com/fjserna/CVE-2015-7547\n\n\n3) Known BusyBox Vulnerabilities\nBusyBox version 1.23.2 contains multiple CVEs like:\nCVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679,\nCVE-2017-16544 and CVE-2019-5747. \nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on\nan emulated device:\n\nA file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created to trigger the\nvulnerability. \n-------------------------------------------------------------------------------\n# ls \"pressing \u003cTAB\u003e\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\nThe summary is below:\nIoT Inspector Vulnerability #1 BusyBox CVE entries\nOutdated BusyBox version is affected by 7 published CVEs. \n\nIoT Inspector Vulnerability #2 curl CVE entries\nOutdated curl version is affected by 35 published CVEs. \n\nIoT Inspector Vulnerability #3 GNU glibc CVE entries\nOutdated GNU glibc version is affected by 44 published CVEs. \n\nIoT Inspector Vulnerability #5 Hardcoded password hashes\nFirmware contains multiple hardcoded credentials. \n\nIoT Inspector Vulnerability #6 Linux Kernel CVE entries\nOutdated Linux Kernel version affected by 512 published CVEs. \n\nIoT Inspector Vulnerability #7 MiniUPnPd CVE entries\nOutdated MiniUPnPd version affected by 2 published CVEs. \n\nIoT Inspector Vulnerability #8 Dnsmasq CVE entries\nOutdated MiniUPnPd version affected by 1 published CVE. \n\nIoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation \u201cpp_key\u201d\nOutdated Linux Kernel version is affected by CVE-2015-7547. \n\nIoT Inspector Vulnerability #10 OpenSSL CVE entries\nOutdated OpenSSL version affected by 6 published CVEs. \n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions have been tested with IoT Inspector and\nfirmware emulation techniques:\nCisco RV340 / 1.0.02.16\nCisco RV340W / 1.0.02.16\nCisco RV345 / 1.0.02.16\nCisco RV345P / 1.0.02.16\nThe following firmware versions have been tested with IoT Inspector only:\nCisco RV260 / 1.0.00.15\nCisco RV260P / 1.0.00.15\nCisco RV260W / 1.0.00.15\nCisco RV160 / 1.0.00.15\nCisco RV160P / 1.0.00.15\n\nThe firmware was obtained from the vendor website:\nhttps://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16\nhttps://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15\n\n\nVendor contact timeline:\n------------------------\n2019-05-15: Contacting vendor through psirt@cisco.com. \n2019-05-16: Vendor confirmed the receipt. \n2019-05-2019-08: Periodic updates about the investigation from the vendor. \n Clarification which of the reported issues will be fixed. \n2019-08-20: The vendor proposed the next possible publication date for the\n advisory for 2019-09-04. The vendor added the RV160 and RV260\n router series to be vulnerable to the same issues too. \n2019-09-04: Coordinated advisory release. \n\n\nSolution:\n---------\nUpgrade to the newest available firmware version. \n\nAdditionally, the vendor provides the following security notice:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter\n\n\nWorkaround:\n-----------\nNone. \n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF T. Weber / @2019\n\n. \n\nThe first vulnerability listed below is considered to have critical\nimpact. \n\nCVE-2015-7547\n\n The Google Security Team and Red Hat discovered that the glibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services. \n\nCVE-2015-8776\n\n Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known. \n\nCVE-2015-8778\n\n Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time. \n\nCVE-2015-8779\n\n The catopen function contains several unbound stack allocations\n (stack overflows), causing it the crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known. \n\nWhile it is only necessary to ensure that all processes are not using\nthe old glibc anymore, it is recommended to reboot the machines after\napplying the security upgrade. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.19-18+deb8u3. \n\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.21-8",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7547"
},
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85508",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7547",
"trust": 2.6
},
{
"db": "BID",
"id": "83265",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "154361",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "39454",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "40339",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10150",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167552",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "164014",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "135802",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035020",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#457759",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA40161",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TRA-2017-08",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-103-01",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-301706",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-01100",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "135971",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135791",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136988",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136881",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135911",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135800",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136808",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135856",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136976",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135801",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136985",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138601",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136048",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201602-348",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-90749",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140605",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"id": "VAR-201602-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
}
],
"trust": 0.8356060666666666
},
"last_update_date": "2024-11-29T20:09:54.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71529"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/articles/2161461"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0175.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0225.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035020"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/sep/7"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/7"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/0"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jun/36"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/83265"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0176.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0277.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"trust": 1.1,
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"trust": 1.1,
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx206991"
},
{
"trust": 1.1,
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html"
},
{
"trust": 1.1,
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"trust": 1.1,
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"trust": 1.1,
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-103-01"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"trust": 1.1,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10150"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf"
},
{
"trust": 0.6,
"url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.6,
"url": "https://isc.sans.edu/diary/cve-2015-7547"
},
{
"trust": 0.4,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.4,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-7547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145690841819314\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145596041017029\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145672440608228\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145857691004892\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=146161017210491\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "http://downloads.eucalyptus.com/software/eucalyptus/4.2/"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://github.com/fjserna/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html"
},
{
"trust": 0.1,
"url": "https://r.sec-consult.com/ciscoiot"
},
{
"trust": 0.1,
"url": "https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.1,
"url": "https://github.com/fjserna/cve-2015-7547."
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/career/index.html"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-sb-vpnrouter"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000366"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20679"
},
{
"trust": 0.1,
"url": "https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5747"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/contact/index.html"
},
{
"trust": 0.1,
"url": "https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"date": "2016-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-85508"
},
{
"date": "2016-02-16T17:17:25",
"db": "PACKETSTORM",
"id": "135789"
},
{
"date": "2017-01-19T13:56:50",
"db": "PACKETSTORM",
"id": "140605"
},
{
"date": "2016-05-02T21:41:42",
"db": "PACKETSTORM",
"id": "136881"
},
{
"date": "2016-02-16T17:17:58",
"db": "PACKETSTORM",
"id": "135791"
},
{
"date": "2016-02-24T23:59:59",
"db": "PACKETSTORM",
"id": "135911"
},
{
"date": "2019-09-04T18:32:22",
"db": "PACKETSTORM",
"id": "154361"
},
{
"date": "2016-05-13T16:14:06",
"db": "PACKETSTORM",
"id": "136988"
},
{
"date": "2016-02-17T01:01:16",
"db": "PACKETSTORM",
"id": "135800"
},
{
"date": "2016-02-26T19:32:00",
"db": "PACKETSTORM",
"id": "135971"
},
{
"date": "2016-02-18T21:59:00.120000",
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-85508"
},
{
"date": "2024-11-21T02:36:57.503000",
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU glibc getaddrinfo () stack buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "135791"
}
],
"trust": 0.2
}
}
var-202309-0672
Vulnerability from variot
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants.
Siemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oseon",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "3.0.22"
},
{
"model": "tubedesign",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.150"
},
{
"model": "programmingtube",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "4.6.3"
},
{
"model": "trutopsfab",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "15.00.23.00"
},
{
"model": "teczonebend",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "23.06.01"
},
{
"model": "trutopsweld",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "9.0.28148.1"
},
{
"model": "trutops cell sw48",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "02.26.0"
},
{
"model": "trutopsprint",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutops",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "e-mobility charging suite",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.7.0"
},
{
"model": "module type package designer",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.2.0"
},
{
"model": "trutopsfab",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.8.25"
},
{
"model": "trutopsfab storage smallstore",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.20"
},
{
"model": "activation wizard",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.6"
},
{
"model": "trutops",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "12.01.00.00"
},
{
"model": "tubedesign",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "iol-conf",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.7.0"
},
{
"model": "trutopsboost",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.00.23.00"
},
{
"model": "topscalculation",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.00.00"
},
{
"model": "trutopsprint",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "00.06.00"
},
{
"model": "trutops cell classic",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "09.09.02"
},
{
"model": "programmingtube",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.1"
},
{
"model": "trutopsboost",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "16.0.22"
},
{
"model": "fl network manager",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "7.0"
},
{
"model": "teczonebend",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "18.02.r8"
},
{
"model": "trutops mark 3d",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.01"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.60c"
},
{
"model": "trutopsprintmultilaserassistant",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.02"
},
{
"model": "trumpflicenseexpert",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.5.2"
},
{
"model": "trutops mark 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "module type package designer",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.2.0"
},
{
"model": "plcnext engineer",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "2023.6"
},
{
"model": "trumpflicenseexpert",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.11.1"
},
{
"model": "trutopsweld",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "7.0.198.241"
},
{
"model": "trutops cell sw48",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "tops unfold",
"scope": "eq",
"trust": 1.0,
"vendor": "trumpf",
"version": "05.03.00.00"
},
{
"model": "oseon",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.0"
},
{
"model": "topscalculation",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.00"
},
{
"model": "trutopsfab storage smallstore",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "20.04.20.00"
},
{
"model": "trutopsweld",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "programmingtube",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "codemeter runtime",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "trutopsboost",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsprintmultilaserassistant",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsprint",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "oseon",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops cell sw48",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsfab",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "tops unfold",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops mark 3d",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsfab storage smallstore",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "tubedesign",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trumpflicenseexpert",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "topscalculation",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "teczonebend",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops cell classic",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.17"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.18"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v14\u003cv14.2023-08-23"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v15\u003cv15.0.22"
},
{
"model": "pss e",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v34\u003cv34.9.6"
},
{
"model": "pss odms",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13.0"
},
{
"model": "pss odms",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13.1\u003cv13.1.12.1"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4"
},
{
"model": "simatic wincc oa p006",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.19\u003cv3.19"
},
{
"model": "pss e",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v35"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"cve": "CVE-2023-3935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2023-69811",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-3935",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-012536",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-3935",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-3935",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-012536",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-69811",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. \n\r\n\r\nSiemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-3935",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2023-031",
"trust": 1.9
},
{
"db": "CERT@VDE",
"id": "VDE-2023-030",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU92598492",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92008538",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98137233",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-004-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-03",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-257-06",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-240541",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2023-69811",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-3935",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"id": "VAR-202309-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
],
"trust": 1.1685151266666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
]
},
"last_update_date": "2024-08-14T12:13:07.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens Industrial product WIBU system CodeMeter heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/460931"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf"
},
{
"trust": 1.9,
"url": "https://cert.vde.com/en/advisories/vde-2023-031/"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2023-030/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98137233/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92598492/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92008538/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3935"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-004-01"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"date": "2023-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"date": "2023-09-13T14:15:09.147000",
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"date": "2024-01-09T02:47:00",
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"date": "2024-01-25T20:24:58.783000",
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems\u00a0AG\u00a0 of \u00a0CodeMeter\u00a0Runtime\u00a0 Out-of-bounds write vulnerability in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
}
],
"trust": 0.8
}
}
var-202009-0319
Vulnerability from variot
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants.
Many Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "6.81"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.81"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.06"
},
{
"model": "sppa-t3000 r8.2 sp2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.05"
},
{
"model": "process historian",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic pcs neo",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"cve": "CVE-2020-14513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14513",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51244",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14513",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14513",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-51244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-483",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. \n\r\n\r\nMany Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14513",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51244",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"id": "VAR-202009-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
],
"trust": 1.42845470375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
]
},
"last_update_date": "2024-11-23T20:38:38.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Improper input verification vulnerabilities in multiple Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/233338"
},
{
"title": "ARC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127904"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14513"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"date": "2020-09-16T20:15:13.473000",
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"date": "2022-03-15T05:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"date": "2024-11-21T05:03:25.957000",
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
],
"trust": 0.6
}
}