Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-9273 (GCVE-0-2020-9273)
Vulnerability from cvelistv5
Published
2020-02-20 15:22
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"name": "[debian-lts-announce] 20200221 [SECURITY] [DLA 2115-1] proftpd-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"name": "DSA-4635",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"name": "FEDORA-2020-76c707cff0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"name": "FEDORA-2020-876b1f664e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"name": "openSUSE-SU-2020:0273",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2115-2] proftpd-dfsg regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"name": "GLSA-202003-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"name": "[oss-security] 20210824 Possible memory leak on getspnam / getspnam_r",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"name": "[oss-security] 20210906 Re: Possible memory leak on getspnam / getspnam_r",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T20:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"name": "[debian-lts-announce] 20200221 [SECURITY] [DLA 2115-1] proftpd-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"name": "DSA-4635",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"name": "FEDORA-2020-76c707cff0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"name": "FEDORA-2020-876b1f664e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"name": "openSUSE-SU-2020:0273",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2115-2] proftpd-dfsg regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"name": "GLSA-202003-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"name": "[oss-security] 20210824 Possible memory leak on getspnam / getspnam_r",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"name": "[oss-security] 20210906 Re: Possible memory leak on getspnam / getspnam_r",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"refsource": "CONFIRM",
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"name": "https://github.com/proftpd/proftpd/issues/903",
"refsource": "CONFIRM",
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"name": "[debian-lts-announce] 20200221 [SECURITY] [DLA 2115-1] proftpd-dfsg security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"name": "DSA-4635",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"name": "FEDORA-2020-76c707cff0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"name": "FEDORA-2020-876b1f664e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"name": "openSUSE-SU-2020:0273",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2115-2] proftpd-dfsg regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"name": "GLSA-202003-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"name": "[oss-security] 20210824 Possible memory leak on getspnam / getspnam_r",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"name": "[oss-security] 20210906 Re: Possible memory leak on getspnam / getspnam_r",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9273",
"datePublished": "2020-02-20T15:22:53",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-9273\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-02-20T16:15:11.950\",\"lastModified\":\"2024-11-21T05:40:19.713\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.\"},{\"lang\":\"es\",\"value\":\"En ProFTPD versi\u00f3n 1.3.7, es posible corromper los grupos de memoria mediante la interrupci\u00f3n del canal de transferencia de datos. Esto conlleva a un uso de la memoria previamente liberada en la funci\u00f3n alloc_pool en el archivo pool.c, y una posible ejecuci\u00f3n de c\u00f3digo remota.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:proftpd:proftpd:1.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9840D8DB-F09B-47C2-871E-89247B841871\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A46FF27-6B0D-4606-9D7B-45912556416F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1256EB4B-DD8A-4F99-AE69-F74E8F789C63\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"572DFEC6-64D6-4187-91AB-571504E3F571\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F56C2BDC-928E-491A-8E7C-F976B3787C7A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/25/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/06/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/903\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202003-35\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4635\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/25/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/06/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-608
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC NET CP 1545-1 | ||
| Siemens | N/A | SIMATIC Drive Controller family versions antérieures à V2.9.2 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller | ||
| Siemens | N/A | TIM 1531 IRC (incl. SIPLUS NET variants) versions antérieures à V2.2 | ||
| Siemens | N/A | Automation License Manager 6 versions antérieures à V6.0 SP9 Update 2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V2.9.2 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V1.0 SP2 | ||
| Siemens | N/A | Automation License Manager 5 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions V4.4.x antérieures à V4.4.1 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions V4.5.x antérieures à V4.5.1 | ||
| Siemens | N/A | SIMATIC S7 PLCSIM Advanced versions antérieures à V4 | ||
| Siemens | N/A | T2Go versions antérieures à V13.2.0.2 | ||
| Siemens | N/A | Solid Edge SE2021 versions antérieures à SE2021MP7 | ||
| Siemens | N/A | Teamcenter Visualization versions antérieures à V13.2.0.2 | ||
| Siemens | N/A | SGT-100, SGT-200, SGT-300, SGT-400, SGT-A20, SGT-A35 et SGT-A65 | ||
| Siemens | N/A | de nombreux produits SIMATIC et SINUMERIK (cf. avis de sécurité ssa-309571) | ||
| Siemens | N/A | SIMATIC NET CP 1543-1 (incl. SIPLUS NET variants) versions antérieures à V3.0 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 515SP PC2 (incl. SIPLUS variants) |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC NET CP 1545-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V2.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager 6 versions ant\u00e9rieures \u00e0 V6.0 SP9 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V2.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions V4.4.x ant\u00e9rieures \u00e0 V4.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions V4.5.x ant\u00e9rieures \u00e0 V4.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7 PLCSIM Advanced versions ant\u00e9rieures \u00e0 V4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "T2Go versions ant\u00e9rieures \u00e0 V13.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 V13.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SGT-100, SGT-200, SGT-300, SGT-400, SGT-A20, SGT-A35 et SGT-A65",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "de nombreux produits SIMATIC et SINUMERIK (cf. avis de s\u00e9curit\u00e9 ssa-309571)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 1543-1 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 515SP PC2 (incl. SIPLUS variants)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-33721",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33721"
},
{
"name": "CVE-2021-32944",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32944"
},
{
"name": "CVE-2021-37178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37178"
},
{
"name": "CVE-2021-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
},
{
"name": "CVE-2016-20009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20009"
},
{
"name": "CVE-2021-33717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33717"
},
{
"name": "CVE-2021-32946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32946"
},
{
"name": "CVE-2020-12360",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12360"
},
{
"name": "CVE-2020-9272",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
},
{
"name": "CVE-2021-32938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
},
{
"name": "CVE-2021-32940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32940"
},
{
"name": "CVE-2020-8703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8703"
},
{
"name": "CVE-2020-12357",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12357"
},
{
"name": "CVE-2021-32948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
},
{
"name": "CVE-2021-37172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37172"
},
{
"name": "CVE-2020-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
},
{
"name": "CVE-2021-32952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32952"
},
{
"name": "CVE-2020-24507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24507"
},
{
"name": "CVE-2021-33738",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33738"
},
{
"name": "CVE-2020-12358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12358"
},
{
"name": "CVE-2021-32950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32950"
},
{
"name": "CVE-2020-9273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
},
{
"name": "CVE-2021-37180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37180"
},
{
"name": "CVE-2020-8670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8670"
},
{
"name": "CVE-2020-8704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8704"
},
{
"name": "CVE-2021-25659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25659"
},
{
"name": "CVE-2020-24486",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24486"
},
{
"name": "CVE-2020-24506",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24506"
},
{
"name": "CVE-2020-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
},
{
"name": "CVE-2021-37179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37179"
},
{
"name": "CVE-2020-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
},
{
"name": "CVE-2020-28397",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28397"
}
],
"initial_release_date": "2021-08-10T00:00:00",
"last_revision_date": "2021-08-10T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-608",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-309571 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-865327 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-365397 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-938030 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-553445 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-158827 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-818688 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-756744 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-830194 du 10 ao\u00fbt 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf"
}
]
}
CERTFR-2022-AVI-547
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions antérieures à V2.6.6 | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions | ||
| Siemens | N/A | TALON TC Compact (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF650R (6GT2811-6AB20) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SIMATIC RF610R (6GT2811-6BC10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | EN100 Ethernet module IEC 104 variant toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential ARM (6MD7881-2AA30) versions antérieures à V2.6.6 | ||
| Siemens | N/A | SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions | ||
| Siemens | N/A | Teamcenter V12.4 versions antérieures à V12.4.0.13 | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module IEC 61850 variant versions antérieures à V4.37 | ||
| Siemens | N/A | Xpedition Designer versions antérieures à X.2.11 | ||
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antérieures à V3.0 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module Modbus TCP variant toutes versions | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions | ||
| Siemens | N/A | SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SINAUT Software ST7sc toutes versions | ||
| Siemens | N/A | SIMATIC STEP 7 V5.X toutes versions | ||
| Siemens | N/A | SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.0.1 | ||
| Siemens | N/A | Teamcenter V13.0 versions antérieures à V13.0.0.9 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1626 (6GK1162-6AA01) toutes versions | ||
| Siemens | N/A | TIA Portal V15 toutes versions | ||
| Siemens | N/A | SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V14 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | RUGGEDCOM CROSSBOW Station Access Controller toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential Intel (6MD7881-2AA40) versions antérieures à V2.6.6 | ||
| Siemens | N/A | TIA Portal V16 toutes versions | ||
| Siemens | N/A | SIMATIC PDM toutes versions | ||
| Siemens | N/A | Spectrum Power 4 toutes versions using Shared HIS | ||
| Siemens | N/A | SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC NET PC Software V16 toutes versions | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV540 H (6GF3540-0GE10) toutes versions | ||
| Siemens | N/A | SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SINUMERIK Edge versions antérieures à V3.3.0 | ||
| Siemens | N/A | SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions antérieures à V2.0 | ||
| Siemens | N/A | Spectrum Power MGMS toutes versions using Shared HIS | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions | ||
| Siemens | N/A | Teamcenter V13.2 toutes versions | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions antérieures à V1.1 | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX Series toutes versions | ||
| Siemens | N/A | SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module PROFINET IO variant toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | TIA Portal Cloud toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC Logon toutes versions | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 S (6GF3550-0CD10) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 H (6GF3550-0GE10) toutes versions | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 8 compatible) versions antérieures à 2.2.2 | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | Teamcenter V13.3 versions antérieures à V13.3.0.3 | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | Teamcenter Active Workspace V6.0 versions antérieures à V6.0.3 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions | ||
| Siemens | N/A | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | Mendix SAML Module (Mendix 7 compatible) versions antérieures à 1.16.6 | ||
| Siemens | N/A | EN100 Ethernet module DNP3 IP variant toutes versions | ||
| Siemens | N/A | SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | Industrial Edge - PROFINET IO Connector toutes versions | ||
| Siemens | N/A | SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROS Series toutes versions | ||
| Siemens | N/A | TIA Portal V17 toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SIMATIC PCS 7 TeleControl toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions | ||
| Siemens | N/A | SIMATIC RF685R (6GT2811-6CA10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SINEMA Server V14 toutes versions | ||
| Siemens | N/A | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | SIMATIC RF680R (6GT2811-6AA10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SIMATIC MV560 U (6GF3560-0LE10) toutes versions | ||
| Siemens | N/A | Industrial Edge - SIMATIC S7 Connector App versions antérieures à V1.7.0 | ||
| Siemens | N/A | SINEC INS toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | TIA Administrator toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | TeleControl Server Basic V3 toutes versions | ||
| Siemens | N/A | SINAUT ST7CC toutes versions | ||
| Siemens | N/A | SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC NET PC Software V17 toutes versions | ||
| Siemens | N/A | Spectrum Power 7 toutes versions using Shared HIS | ||
| Siemens | N/A | SIMATIC MV560 X (6GF3560-0HE10) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller (incl. F) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à 3.0 SP2 | ||
| Siemens | N/A | Industrial Edge - OPC UA Connector toutes versions | ||
| Siemens | N/A | Teamcenter Active Workspace V5.2 versions antérieures à V5.2.9 | ||
| Siemens | N/A | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | SINEC NMS toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 9 compatible) versions antérieures à 3.2.3 | ||
| Siemens | N/A | Teamcenter V14.0 toutes versions | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions | ||
| Siemens | N/A | SIMATIC RF615R (6GT2811-6CC10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions | ||
| Siemens | N/A | SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC CP 1628 (6GK1162-8AA00) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions antérieures à V2.6.6 | ||
| Siemens | N/A | Teamcenter V13.1 versions antérieures à V13.1.0.9 | ||
| Siemens | N/A | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV540 S (6GF3540-0CD10) toutes versions | ||
| Siemens | N/A | SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions | ||
| Siemens | N/A | SIMATIC PCS neo toutes versions | ||
| Siemens | N/A | RUGGEDCOM NMS toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF650R (6GT2811-6AB20) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF610R (6GT2811-6BC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 104 variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential ARM (6MD7881-2AA30) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 61850 variant versions ant\u00e9rieures \u00e0 V4.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Xpedition Designer versions ant\u00e9rieures \u00e0 X.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module Modbus TCP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT Software ST7sc toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5.X toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1626 (6GK1162-6AA01) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM CROSSBOW Station Access Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential Intel (6MD7881-2AA40) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 4 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power MGMS toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module PROFINET IO variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V6.0 versions ant\u00e9rieures \u00e0 V6.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 1.16.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module DNP3 IP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - PROFINET IO Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROS Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 TeleControl toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF685R (6GT2811-6CA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF680R (6GT2811-6AA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - SIMATIC S7 Connector App versions ant\u00e9rieures \u00e0 V1.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT ST7CC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 7 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller (incl. F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - OPC UA Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V14.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF615R (6GT2811-6CC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 (6GK1162-8AA00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32285"
},
{
"name": "CVE-2022-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32286"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2021-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
},
{
"name": "CVE-2022-32258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32258"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2022-30231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30231"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2022-32254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32254"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-32145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32145"
},
{
"name": "CVE-2022-32259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32259"
},
{
"name": "CVE-2022-32262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32262"
},
{
"name": "CVE-2017-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
},
{
"name": "CVE-2022-32255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32255"
},
{
"name": "CVE-2020-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-32252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32252"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-37182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37182"
},
{
"name": "CVE-2020-9272",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-26476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26476"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2022-30228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30228"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2022-32251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32251"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2022-30230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30230"
},
{
"name": "CVE-2020-9273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
},
{
"name": "CVE-2022-30229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30229"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-29034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29034"
},
{
"name": "CVE-2022-30937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30937"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27219"
},
{
"name": "CVE-2022-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27221"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-31619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31619"
},
{
"name": "CVE-2022-32261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32261"
},
{
"name": "CVE-2022-32260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32260"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27220"
},
{
"name": "CVE-2022-31465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31465"
},
{
"name": "CVE-2017-9946",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2022-32253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32253"
},
{
"name": "CVE-2022-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32256"
},
{
"name": "CVE-2021-37209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
}
],
"initial_release_date": "2022-06-15T00:00:00",
"last_revision_date": "2022-06-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-547",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148078 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-148078.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-220589 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-220589.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-988345 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-988345.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-484086 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330556 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-330556.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145224 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-685781 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-685781.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-693555 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693555.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-911567 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-911567.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-401167 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-401167.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712929 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-679335.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388239 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-388239.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-631336 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740594 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-740594.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-222547 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222547.html"
}
]
}
icsa-21-222-07
Vulnerability from csaf_cisa
Published
2021-08-10 00:00
Modified
2022-06-14 00:00
Summary
Siemens SIMATIC CP (Update A)
Notes
Summary
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-679335.json"
},
{
"category": "self",
"summary": "SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-679335.txt"
},
{
"category": "self",
"summary": "SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-222-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-222-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-222-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-222-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC CP (Update A)",
"tracking": {
"current_release_date": "2022-06-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-222-07",
"initial_release_date": "2021-08-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-08-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-06-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for SIMATIC CP 1545-1"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1543-1 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.1",
"product": {
"name": "SIMATIC CP 1545-1",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK7545-1GX00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1545-1"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-9272",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function, that could lead to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-9272 - SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"summary": "CVE-2020-9272 - SIMATIC CP 1545-1",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"summary": "CVE-2020-9272 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-9272.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"category": "mitigation",
"details": "Disable the embedded FTP server. The server is deactivated in the default configuration",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Limit access to port 21/tcp to trusted IP addresses",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-9272"
},
{
"cve": "CVE-2020-9273",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-9273 - SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"summary": "CVE-2020-9273 - SIMATIC CP 1545-1",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"summary": "CVE-2020-9273 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-9273.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"category": "mitigation",
"details": "Disable the embedded FTP server. The server is deactivated in the default configuration",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Limit access to port 21/tcp to trusted IP addresses",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-9273"
}
]
}
ICSA-21-222-07
Vulnerability from csaf_cisa
Published
2021-08-10 00:00
Modified
2022-06-14 00:00
Summary
Siemens SIMATIC CP (Update A)
Notes
Summary
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-679335.json"
},
{
"category": "self",
"summary": "SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-679335.txt"
},
{
"category": "self",
"summary": "SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-222-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-222-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-222-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-222-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC CP (Update A)",
"tracking": {
"current_release_date": "2022-06-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-222-07",
"initial_release_date": "2021-08-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-08-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-06-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for SIMATIC CP 1545-1"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.0",
"product": {
"name": "SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1543-1 (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.1",
"product": {
"name": "SIMATIC CP 1545-1",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK7545-1GX00-0XE0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC CP 1545-1"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-9272",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function, that could lead to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-9272 - SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"summary": "CVE-2020-9272 - SIMATIC CP 1545-1",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"summary": "CVE-2020-9272 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-9272.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"category": "mitigation",
"details": "Disable the embedded FTP server. The server is deactivated in the default configuration",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Limit access to port 21/tcp to trusted IP addresses",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-9272"
},
{
"cve": "CVE-2020-9273",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2020-9273 - SIMATIC CP 1543-1 (incl. SIPLUS variants)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"summary": "CVE-2020-9273 - SIMATIC CP 1545-1",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"summary": "CVE-2020-9273 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-9273.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109800773/"
},
{
"category": "vendor_fix",
"details": "Update to V1.1 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811116/"
},
{
"category": "mitigation",
"details": "Disable the embedded FTP server. The server is deactivated in the default configuration",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Limit access to port 21/tcp to trusted IP addresses",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2020-9273"
}
]
}
cnvd-2020-12799
Vulnerability from cnvd
Title
ProFTPD资源管理错误漏洞
Description
ProFTPD是ProFTPD团队的一套安全云打印解决方案。该方案支持从笔记本电脑、台式机和移动设备连接打印机进行打印。
ProFTPD存在资源管理错误漏洞。攻击者可利用该漏洞实现远程代码执行。
Severity
高
VLAI Severity ?
Patch Name
ProFTPD资源管理错误漏洞的补丁
Patch Description
ProFTPD是ProFTPD团队的一套安全云打印解决方案。该方案支持从笔记本电脑、台式机和移动设备连接打印机进行打印。
ProFTPD存在资源管理错误漏洞。攻击者可利用该漏洞实现远程代码执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/proftpd/proftpd/issues/903
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-9273
Impacted products
| Name | ProFTPD Project ProFTPD 1.3.7 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-9273",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9273"
}
},
"description": "ProFTPD\u662fProFTPD\u56e2\u961f\u7684\u4e00\u5957\u5b89\u5168\u4e91\u6253\u5370\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u4ece\u7b14\u8bb0\u672c\u7535\u8111\u3001\u53f0\u5f0f\u673a\u548c\u79fb\u52a8\u8bbe\u5907\u8fde\u63a5\u6253\u5370\u673a\u8fdb\u884c\u6253\u5370\u3002\n\nProFTPD\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/proftpd/proftpd/issues/903",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-12799",
"openTime": "2020-02-23",
"patchDescription": "ProFTPD\u662fProFTPD\u56e2\u961f\u7684\u4e00\u5957\u5b89\u5168\u4e91\u6253\u5370\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u4ece\u7b14\u8bb0\u672c\u7535\u8111\u3001\u53f0\u5f0f\u673a\u548c\u79fb\u52a8\u8bbe\u5907\u8fde\u63a5\u6253\u5370\u673a\u8fdb\u884c\u6253\u5370\u3002\r\n\r\nProFTPD\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "ProFTPD\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "ProFTPD Project ProFTPD 1.3.7"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9273",
"serverity": "\u9ad8",
"submitTime": "2020-02-21",
"title": "ProFTPD\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}
opensuse-su-2020:0273-1
Vulnerability from csaf_opensuse
Published
2020-03-01 17:13
Modified
2020-03-01 17:13
Summary
Security update for proftpd
Notes
Title of the patch
Security update for proftpd
Description of the patch
This update for proftpd fixes the following issues:
proftpd was updated to version 1.3.6c.
Security issues fixed:
- CVE-2020-9272: Fixed an out-of-bounds read in mod_cap (bsc#1164572).
- CVE-2020-9273: Fixed a potential memory corruption caused by an interruption of the data transfer channel (bsc#1164574).
Patchnames
openSUSE-2020-273
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for proftpd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for proftpd fixes the following issues:\n\nproftpd was updated to version 1.3.6c.\n\nSecurity issues fixed:\n\n- CVE-2020-9272: Fixed an out-of-bounds read in mod_cap (bsc#1164572).\n- CVE-2020-9273: Fixed a potential memory corruption caused by an interruption of the data transfer channel (bsc#1164574).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-273",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0273-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0273-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NWEO4RUNNDPDSIHIS6CBC7B43G6TT4FO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0273-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NWEO4RUNNDPDSIHIS6CBC7B43G6TT4FO/"
},
{
"category": "self",
"summary": "SUSE Bug 1164572",
"url": "https://bugzilla.suse.com/1164572"
},
{
"category": "self",
"summary": "SUSE Bug 1164574",
"url": "https://bugzilla.suse.com/1164574"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-9272 page",
"url": "https://www.suse.com/security/cve/CVE-2020-9272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-9273 page",
"url": "https://www.suse.com/security/cve/CVE-2020-9273/"
}
],
"title": "Security update for proftpd",
"tracking": {
"current_release_date": "2020-03-01T17:13:15Z",
"generator": {
"date": "2020-03-01T17:13:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0273-1",
"initial_release_date": "2020-03-01T17:13:15Z",
"revision_history": [
{
"date": "2020-03-01T17:13:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"product": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"product_id": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"product": {
"name": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"product_id": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"product": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"product_id": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"product": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"product_id": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"product": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"product_id": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch"
},
"product_reference": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch"
},
"product_reference": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch"
},
"product_reference": "proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
},
"product_reference": "proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-9272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-9272"
}
],
"notes": [
{
"category": "general",
"text": "ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-9272",
"url": "https://www.suse.com/security/cve/CVE-2020-9272"
},
{
"category": "external",
"summary": "SUSE Bug 1164572 for CVE-2020-9272",
"url": "https://bugzilla.suse.com/1164572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:13:15Z",
"details": "important"
}
],
"title": "CVE-2020-9272"
},
{
"cve": "CVE-2020-9273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-9273"
}
],
"notes": [
{
"category": "general",
"text": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-9273",
"url": "https://www.suse.com/security/cve/CVE-2020-9273"
},
{
"category": "external",
"summary": "SUSE Bug 1164574 for CVE-2020-9273",
"url": "https://bugzilla.suse.com/1164574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15 SP1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"SUSE Package Hub 15:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-devel-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-doc-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-lang-1.3.6c-bp151.4.9.1.noarch",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-ldap-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-mysql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-pgsql-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-radius-1.3.6c-bp151.4.9.1.x86_64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.aarch64",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.ppc64le",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.s390x",
"openSUSE Leap 15.1:proftpd-sqlite-1.3.6c-bp151.4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-01T17:13:15Z",
"details": "important"
}
],
"title": "CVE-2020-9273"
}
]
}
opensuse-su-2024:11196-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
proftpd-1.3.6e-1.10 on GA media
Notes
Title of the patch
proftpd-1.3.6e-1.10 on GA media
Description of the patch
These are all security issues fixed in the proftpd-1.3.6e-1.10 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11196
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "proftpd-1.3.6e-1.10 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the proftpd-1.3.6e-1.10 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11196",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11196-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-5815 page",
"url": "https://www.suse.com/security/cve/CVE-2006-5815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7418 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12815 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19269 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-9272 page",
"url": "https://www.suse.com/security/cve/CVE-2020-9272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-9273 page",
"url": "https://www.suse.com/security/cve/CVE-2020-9273/"
}
],
"title": "proftpd-1.3.6e-1.10 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11196-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-1.3.6e-1.10.aarch64",
"product_id": "proftpd-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-devel-1.3.6e-1.10.aarch64",
"product_id": "proftpd-devel-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-doc-1.3.6e-1.10.aarch64",
"product_id": "proftpd-doc-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-lang-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-lang-1.3.6e-1.10.aarch64",
"product_id": "proftpd-lang-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-ldap-1.3.6e-1.10.aarch64",
"product_id": "proftpd-ldap-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-mysql-1.3.6e-1.10.aarch64",
"product_id": "proftpd-mysql-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-pgsql-1.3.6e-1.10.aarch64",
"product_id": "proftpd-pgsql-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-radius-1.3.6e-1.10.aarch64",
"product_id": "proftpd-radius-1.3.6e-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6e-1.10.aarch64",
"product": {
"name": "proftpd-sqlite-1.3.6e-1.10.aarch64",
"product_id": "proftpd-sqlite-1.3.6e-1.10.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-devel-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-devel-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-doc-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-doc-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-lang-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-lang-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-lang-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-ldap-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-ldap-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-mysql-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-mysql-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-pgsql-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-pgsql-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-radius-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-radius-1.3.6e-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6e-1.10.ppc64le",
"product": {
"name": "proftpd-sqlite-1.3.6e-1.10.ppc64le",
"product_id": "proftpd-sqlite-1.3.6e-1.10.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-1.3.6e-1.10.s390x",
"product_id": "proftpd-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-devel-1.3.6e-1.10.s390x",
"product_id": "proftpd-devel-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-doc-1.3.6e-1.10.s390x",
"product_id": "proftpd-doc-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-lang-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-lang-1.3.6e-1.10.s390x",
"product_id": "proftpd-lang-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-ldap-1.3.6e-1.10.s390x",
"product_id": "proftpd-ldap-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-mysql-1.3.6e-1.10.s390x",
"product_id": "proftpd-mysql-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-pgsql-1.3.6e-1.10.s390x",
"product_id": "proftpd-pgsql-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-radius-1.3.6e-1.10.s390x",
"product_id": "proftpd-radius-1.3.6e-1.10.s390x"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6e-1.10.s390x",
"product": {
"name": "proftpd-sqlite-1.3.6e-1.10.s390x",
"product_id": "proftpd-sqlite-1.3.6e-1.10.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "proftpd-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-1.3.6e-1.10.x86_64",
"product_id": "proftpd-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-devel-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-devel-1.3.6e-1.10.x86_64",
"product_id": "proftpd-devel-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-doc-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-doc-1.3.6e-1.10.x86_64",
"product_id": "proftpd-doc-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-lang-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-lang-1.3.6e-1.10.x86_64",
"product_id": "proftpd-lang-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-ldap-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-ldap-1.3.6e-1.10.x86_64",
"product_id": "proftpd-ldap-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-mysql-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-mysql-1.3.6e-1.10.x86_64",
"product_id": "proftpd-mysql-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-pgsql-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-pgsql-1.3.6e-1.10.x86_64",
"product_id": "proftpd-pgsql-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-radius-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-radius-1.3.6e-1.10.x86_64",
"product_id": "proftpd-radius-1.3.6e-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "proftpd-sqlite-1.3.6e-1.10.x86_64",
"product": {
"name": "proftpd-sqlite-1.3.6e-1.10.x86_64",
"product_id": "proftpd-sqlite-1.3.6e-1.10.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-devel-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-devel-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-devel-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-devel-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-devel-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-doc-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-doc-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-doc-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-doc-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-doc-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-lang-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-lang-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-lang-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-lang-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-lang-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-ldap-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-ldap-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-ldap-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-ldap-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-ldap-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-mysql-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-mysql-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-mysql-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-mysql-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-mysql-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-pgsql-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-pgsql-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-pgsql-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-pgsql-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-pgsql-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-radius-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-radius-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-radius-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-radius-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-radius-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6e-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64"
},
"product_reference": "proftpd-sqlite-1.3.6e-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6e-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le"
},
"product_reference": "proftpd-sqlite-1.3.6e-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6e-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x"
},
"product_reference": "proftpd-sqlite-1.3.6e-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "proftpd-sqlite-1.3.6e-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
},
"product_reference": "proftpd-sqlite-1.3.6e-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-5815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-5815"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a \"ProFTPD remote exploit.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-5815",
"url": "https://www.suse.com/security/cve/CVE-2006-5815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2006-5815"
},
{
"cve": "CVE-2017-7418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7418"
}
],
"notes": [
{
"category": "general",
"text": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7418",
"url": "https://www.suse.com/security/cve/CVE-2017-7418"
},
{
"category": "external",
"summary": "SUSE Bug 1032443 for CVE-2017-7418",
"url": "https://bugzilla.suse.com/1032443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7418"
},
{
"cve": "CVE-2019-12815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12815"
}
],
"notes": [
{
"category": "general",
"text": "An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12815",
"url": "https://www.suse.com/security/cve/CVE-2019-12815"
},
{
"category": "external",
"summary": "SUSE Bug 1142281 for CVE-2019-12815",
"url": "https://bugzilla.suse.com/1142281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-12815"
},
{
"cve": "CVE-2019-18217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18217"
}
],
"notes": [
{
"category": "general",
"text": "ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18217",
"url": "https://www.suse.com/security/cve/CVE-2019-18217"
},
{
"category": "external",
"summary": "SUSE Bug 1154600 for CVE-2019-18217",
"url": "https://bugzilla.suse.com/1154600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18217"
},
{
"cve": "CVE-2019-19269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19269"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19269",
"url": "https://www.suse.com/security/cve/CVE-2019-19269"
},
{
"category": "external",
"summary": "SUSE Bug 1157803 for CVE-2019-19269",
"url": "https://bugzilla.suse.com/1157803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19269"
},
{
"cve": "CVE-2020-9272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-9272"
}
],
"notes": [
{
"category": "general",
"text": "ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-9272",
"url": "https://www.suse.com/security/cve/CVE-2020-9272"
},
{
"category": "external",
"summary": "SUSE Bug 1164572 for CVE-2020-9272",
"url": "https://bugzilla.suse.com/1164572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-9272"
},
{
"cve": "CVE-2020-9273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-9273"
}
],
"notes": [
{
"category": "general",
"text": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-9273",
"url": "https://www.suse.com/security/cve/CVE-2020-9273"
},
{
"category": "external",
"summary": "SUSE Bug 1164574 for CVE-2020-9273",
"url": "https://bugzilla.suse.com/1164574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-devel-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-doc-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-lang-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-ldap-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-mysql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-pgsql-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-radius-1.3.6e-1.10.x86_64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.aarch64",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.ppc64le",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.s390x",
"openSUSE Tumbleweed:proftpd-sqlite-1.3.6e-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-9273"
}
]
}
gsd-2020-9273
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-9273",
"description": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"id": "GSD-2020-9273",
"references": [
"https://www.suse.com/security/cve/CVE-2020-9273.html",
"https://www.debian.org/security/2020/dsa-4635",
"https://advisories.mageia.org/CVE-2020-9273.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-9273"
],
"details": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"id": "GSD-2020-9273",
"modified": "2023-12-13T01:21:52.846021Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"refsource": "CONFIRM",
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"name": "https://github.com/proftpd/proftpd/issues/903",
"refsource": "CONFIRM",
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"name": "[debian-lts-announce] 20200221 [SECURITY] [DLA 2115-1] proftpd-dfsg security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"name": "DSA-4635",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"name": "FEDORA-2020-76c707cff0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"name": "FEDORA-2020-876b1f664e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"name": "openSUSE-SU-2020:0273",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2115-2] proftpd-dfsg regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"name": "GLSA-202003-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"name": "[oss-security] 20210824 Possible memory leak on getspnam / getspnam_r",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"name": "[oss-security] 20210906 Re: Possible memory leak on getspnam / getspnam_r",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:proftpd:proftpd:1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9273"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"name": "https://github.com/proftpd/proftpd/issues/903",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"name": "[debian-lts-announce] 20200221 [SECURITY] [DLA 2115-1] proftpd-dfsg security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"name": "DSA-4635",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"name": "FEDORA-2020-76c707cff0",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"name": "FEDORA-2020-876b1f664e",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"name": "openSUSE-SU-2020:0273",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2115-2] proftpd-dfsg regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"name": "GLSA-202003-35",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"name": "[oss-security] 20210824 Possible memory leak on getspnam / getspnam_r",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"name": "[oss-security] 20210906 Re: Possible memory leak on getspnam / getspnam_r",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-09-14T12:43Z",
"publishedDate": "2020-02-20T16:15Z"
}
}
}
fkie_cve-2020-9273
Vulnerability from fkie_nvd
Published
2020-02-20 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/08/25/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/09/06/2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf | Third Party Advisory | |
| cve@mitre.org | https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/proftpd/proftpd/issues/903 | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/ | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202003-35 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4635 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/08/25/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/09/06/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/proftpd/proftpd/issues/903 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-35 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4635 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd | proftpd | 1.3.7 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.1 | |
| siemens | simatic_net_cp_1545-1_firmware | - | |
| siemens | simatic_net_cp_1545-1 | - | |
| siemens | simatic_net_cp_1543-1_firmware | * | |
| siemens | simatic_net_cp_1543-1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9840D8DB-F09B-47C2-871E-89247B841871",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A46FF27-6B0D-4606-9D7B-45912556416F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "572DFEC6-64D6-4187-91AB-571504E3F571",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56C2BDC-928E-491A-8E7C-F976B3787C7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution."
},
{
"lang": "es",
"value": "En ProFTPD versi\u00f3n 1.3.7, es posible corromper los grupos de memoria mediante la interrupci\u00f3n del canal de transferencia de datos. Esto conlleva a un uso de la memoria previamente liberada en la funci\u00f3n alloc_pool en el archivo pool.c, y una posible ejecuci\u00f3n de c\u00f3digo remota."
}
],
"id": "CVE-2020-9273",
"lastModified": "2024-11-21T05:40:19.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-20T16:15:11.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4635"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-j879-hg9w-v5qv
Vulnerability from github
Published
2022-05-24 17:09
Modified
2022-05-24 17:09
VLAI Severity ?
Details
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
{
"affected": [],
"aliases": [
"CVE-2020-9273"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-20T16:15:00Z",
"severity": "HIGH"
},
"details": "In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.",
"id": "GHSA-j879-hg9w-v5qv",
"modified": "2022-05-24T17:09:25Z",
"published": "2022-05-24T17:09:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9273"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/issues/903"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf"
},
{
"type": "WEB",
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-35"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4635"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/09/06/2"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…