Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-0225 (GCVE-0-2015-0225)
Vulnerability from cvelistv5
Published
2015-04-03 14:00
Modified
2024-08-06 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0225",
"datePublished": "2015-04-03T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-0225\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-03T14:59:00.070\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n por defecto en Apache Cassandra 1.2.0 hasta 1.2.19, 2.0.0 hasta 2.0.13, y 2.1.0 hasta 2.1.3 vincula una interfaz JMX/RMI no autenticada a todas las interfaces de la red, lo que permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de una solicitud RMI.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7185D5BD-A761-47FF-864C-62AFF17C4C4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E2826C5-55D8-49DF-8942-73B7AA52F686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D4F6C4-8607-4D9F-ACA0-E892BEB9E4EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FEF6FBA-E9D3-4A59-A0EC-AB4A17D71774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CF35EAD-4253-408E-8638-C515D7D3AE9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5419E2E7-8FA7-4E39-8E61-690EF2C16A77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DC42624-F2C2-4536-BFA9-E0CDB72FC3CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB393CE4-7F70-49F9-99A4-AB81A1276A5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"960EA495-02C4-4A38-852B-195900CA6476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CBBF756-B34A-4173-B099-D8AAE105D824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10D70F77-3328-4C47-AAD2-9B0CCECF4165\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E98FFA5D-191A-442D-9234-7DCA6F7C8CAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50B85966-303D-4777-B0BB-2B9E79CF2782\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB9714C5-3350-48AF-B41A-3053741160E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B272E975-E46C-423C-B45A-058C266F37BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5B8A3A3-CA78-42CB-8F2A-F5E489E19702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E00D6FD4-F798-4571-B3A0-A68DB9D06F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A226328-6E53-4ADD-9CD6-B562BE8CE9E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD6D2FB-6E23-48A4-827A-7B0BF1E88203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:1.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"233A5008-288C-418C-8279-1DF105680CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0D4E328-2DF0-4713-831C-08825B02B4E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05258E84-74AA-429E-BFE9-4B760D5F1140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9035E5B6-E31F-4A35-A3A7-2515DD954A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE5C2B18-2BE9-4DC3-AF58-91455ED7C062\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"484E0A74-0DD7-43F2-82E6-1C20D9FC266E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA76DB09-274F-4147-99BA-FDBED1BA14EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A901804-DDC9-4F51-AAA2-F780E058F2E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EEFC7E-8349-49A4-B445-D054ECA48BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0314AC6E-A7C1-4887-A9A2-C87B4E164F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A9F0A4-F953-416B-B58A-50A5CB0C6222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59EB2539-B2C4-4A9A-B7AF-60898616655B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1967C9CD-1B2C-44E6-A57A-F3EDD196E3E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4D32C1-EA18-4E81-A8A8-0580A0284000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5DD03D-6865-4000-9BFA-5CC40B34EDFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25C30E12-552B-4E30-B66C-9B17720025B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC90CB20-81D6-4BE8-B5D8-6084953AE98A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D5F1CFC-1F17-4D37-9DA8-FD0D6F67E5F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cassandra:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E147A84-CDA1-4B6F-AEA2-20117C0FDBDF\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1947.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/535154/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/73478\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1034002\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1947.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/535154/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/73478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2015:1947
Vulnerability from csaf_redhat
Published
2015-10-28 14:36
Modified
2025-10-09 15:52
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.4 update
Notes
Topic
Red Hat JBoss Operations Network 3.3 update 4, which fixes one security
issue and several bugs, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Red Hat JBoss Operations Network is a Middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.3.4 release serves as a replacement for
JBoss Operations Network 3.3.3, and includes several bug fixes. Refer to
the Customer Portal page linked in the References section for information
on the most significant of these changes.
The following security issue is also fixed with this release:
It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. (CVE-2015-0225)
All users of JBoss Operations Network 3.3.3 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.3.4.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Operations Network 3.3 update 4, which fixes one security\nissue and several bugs, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Operations Network is a Middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.3.4 release serves as a replacement for\nJBoss Operations Network 3.3.3, and includes several bug fixes. Refer to\nthe Customer Portal page linked in the References section for information\non the most significant of these changes.\n\nThe following security issue is also fixed with this release:\n\nIt was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. (CVE-2015-0225)\n\nAll users of JBoss Operations Network 3.3.3 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.3.4.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1947",
"url": "https://access.redhat.com/errata/RHSA-2015:1947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3"
},
{
"category": "external",
"summary": "1035481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035481"
},
{
"category": "external",
"summary": "1208181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
},
{
"category": "external",
"summary": "1212407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212407"
},
{
"category": "external",
"summary": "1230411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230411"
},
{
"category": "external",
"summary": "1232847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232847"
},
{
"category": "external",
"summary": "1234651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234651"
},
{
"category": "external",
"summary": "1234912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234912"
},
{
"category": "external",
"summary": "1243545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243545"
},
{
"category": "external",
"summary": "1244941",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1244941"
},
{
"category": "external",
"summary": "1247311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247311"
},
{
"category": "external",
"summary": "1251503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251503"
},
{
"category": "external",
"summary": "1252136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252136"
},
{
"category": "external",
"summary": "1252142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252142"
},
{
"category": "external",
"summary": "1252458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252458"
},
{
"category": "external",
"summary": "1255821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255821"
},
{
"category": "external",
"summary": "1256329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256329"
},
{
"category": "external",
"summary": "1258870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258870"
},
{
"category": "external",
"summary": "1259555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259555"
},
{
"category": "external",
"summary": "1265309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265309"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1947.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.4 update",
"tracking": {
"current_release_date": "2025-10-09T15:52:52+00:00",
"generator": {
"date": "2025-10-09T15:52:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2015:1947",
"initial_release_date": "2015-10-28T14:36:15+00:00",
"revision_history": [
{
"date": "2015-10-28T14:36:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:36:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T15:52:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Operations Network 3.3",
"product": {
"name": "Red Hat JBoss Operations Network 3.3",
"product_id": "Red Hat JBoss Operations Network 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_operations_network:3.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Operations Network"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-0225",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2015-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208181"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Cassandra: remote code execution via unauthenticated JMX/RMI interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Operations Network 3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0225"
},
{
"category": "external",
"summary": "RHBZ#1208181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225"
}
],
"release_date": "2015-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-28T14:36:15+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server\u0027s\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.3.4 Release Notes for\ninstallation information.",
"product_ids": [
"Red Hat JBoss Operations Network 3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1947"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Operations Network 3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Cassandra: remote code execution via unauthenticated JMX/RMI interface"
}
]
}
RHSA-2015:1947
Vulnerability from csaf_redhat
Published
2015-10-28 14:36
Modified
2025-10-09 15:52
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.4 update
Notes
Topic
Red Hat JBoss Operations Network 3.3 update 4, which fixes one security
issue and several bugs, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Red Hat JBoss Operations Network is a Middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.3.4 release serves as a replacement for
JBoss Operations Network 3.3.3, and includes several bug fixes. Refer to
the Customer Portal page linked in the References section for information
on the most significant of these changes.
The following security issue is also fixed with this release:
It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. (CVE-2015-0225)
All users of JBoss Operations Network 3.3.3 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.3.4.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Operations Network 3.3 update 4, which fixes one security\nissue and several bugs, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Operations Network is a Middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.3.4 release serves as a replacement for\nJBoss Operations Network 3.3.3, and includes several bug fixes. Refer to\nthe Customer Portal page linked in the References section for information\non the most significant of these changes.\n\nThe following security issue is also fixed with this release:\n\nIt was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. (CVE-2015-0225)\n\nAll users of JBoss Operations Network 3.3.3 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.3.4.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1947",
"url": "https://access.redhat.com/errata/RHSA-2015:1947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3"
},
{
"category": "external",
"summary": "1035481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035481"
},
{
"category": "external",
"summary": "1208181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
},
{
"category": "external",
"summary": "1212407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212407"
},
{
"category": "external",
"summary": "1230411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230411"
},
{
"category": "external",
"summary": "1232847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232847"
},
{
"category": "external",
"summary": "1234651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234651"
},
{
"category": "external",
"summary": "1234912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234912"
},
{
"category": "external",
"summary": "1243545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243545"
},
{
"category": "external",
"summary": "1244941",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1244941"
},
{
"category": "external",
"summary": "1247311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247311"
},
{
"category": "external",
"summary": "1251503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251503"
},
{
"category": "external",
"summary": "1252136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252136"
},
{
"category": "external",
"summary": "1252142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252142"
},
{
"category": "external",
"summary": "1252458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252458"
},
{
"category": "external",
"summary": "1255821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255821"
},
{
"category": "external",
"summary": "1256329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256329"
},
{
"category": "external",
"summary": "1258870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258870"
},
{
"category": "external",
"summary": "1259555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259555"
},
{
"category": "external",
"summary": "1265309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265309"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1947.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.4 update",
"tracking": {
"current_release_date": "2025-10-09T15:52:52+00:00",
"generator": {
"date": "2025-10-09T15:52:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2015:1947",
"initial_release_date": "2015-10-28T14:36:15+00:00",
"revision_history": [
{
"date": "2015-10-28T14:36:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:36:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T15:52:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Operations Network 3.3",
"product": {
"name": "Red Hat JBoss Operations Network 3.3",
"product_id": "Red Hat JBoss Operations Network 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_operations_network:3.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Operations Network"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-0225",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2015-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208181"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Cassandra: remote code execution via unauthenticated JMX/RMI interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Operations Network 3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0225"
},
{
"category": "external",
"summary": "RHBZ#1208181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225"
}
],
"release_date": "2015-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-28T14:36:15+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server\u0027s\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.3.4 Release Notes for\ninstallation information.",
"product_ids": [
"Red Hat JBoss Operations Network 3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1947"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Operations Network 3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Cassandra: remote code execution via unauthenticated JMX/RMI interface"
}
]
}
rhsa-2015_1947
Vulnerability from csaf_redhat
Published
2015-10-28 14:36
Modified
2024-11-22 09:32
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.4 update
Notes
Topic
Red Hat JBoss Operations Network 3.3 update 4, which fixes one security
issue and several bugs, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Red Hat JBoss Operations Network is a Middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.3.4 release serves as a replacement for
JBoss Operations Network 3.3.3, and includes several bug fixes. Refer to
the Customer Portal page linked in the References section for information
on the most significant of these changes.
The following security issue is also fixed with this release:
It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. (CVE-2015-0225)
All users of JBoss Operations Network 3.3.3 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.3.4.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Operations Network 3.3 update 4, which fixes one security\nissue and several bugs, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Operations Network is a Middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.3.4 release serves as a replacement for\nJBoss Operations Network 3.3.3, and includes several bug fixes. Refer to\nthe Customer Portal page linked in the References section for information\non the most significant of these changes.\n\nThe following security issue is also fixed with this release:\n\nIt was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra. (CVE-2015-0225)\n\nAll users of JBoss Operations Network 3.3.3 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.3.4.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1947",
"url": "https://access.redhat.com/errata/RHSA-2015:1947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3"
},
{
"category": "external",
"summary": "1035481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035481"
},
{
"category": "external",
"summary": "1208181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
},
{
"category": "external",
"summary": "1212407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212407"
},
{
"category": "external",
"summary": "1230411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230411"
},
{
"category": "external",
"summary": "1232847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232847"
},
{
"category": "external",
"summary": "1234651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234651"
},
{
"category": "external",
"summary": "1234912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234912"
},
{
"category": "external",
"summary": "1243545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243545"
},
{
"category": "external",
"summary": "1244941",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1244941"
},
{
"category": "external",
"summary": "1247311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247311"
},
{
"category": "external",
"summary": "1251503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251503"
},
{
"category": "external",
"summary": "1252136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252136"
},
{
"category": "external",
"summary": "1252142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252142"
},
{
"category": "external",
"summary": "1252458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252458"
},
{
"category": "external",
"summary": "1255821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255821"
},
{
"category": "external",
"summary": "1256329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256329"
},
{
"category": "external",
"summary": "1258870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258870"
},
{
"category": "external",
"summary": "1259555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259555"
},
{
"category": "external",
"summary": "1265309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265309"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1947.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.4 update",
"tracking": {
"current_release_date": "2024-11-22T09:32:48+00:00",
"generator": {
"date": "2024-11-22T09:32:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:1947",
"initial_release_date": "2015-10-28T14:36:15+00:00",
"revision_history": [
{
"date": "2015-10-28T14:36:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:36:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:32:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Operations Network 3.3",
"product": {
"name": "Red Hat JBoss Operations Network 3.3",
"product_id": "Red Hat JBoss Operations Network 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_operations_network:3.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Operations Network"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-0225",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2015-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1208181"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Cassandra: remote code execution via unauthenticated JMX/RMI interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Operations Network 3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0225"
},
{
"category": "external",
"summary": "RHBZ#1208181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225"
}
],
"release_date": "2015-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-10-28T14:36:15+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server\u0027s\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.3.4 Release Notes for\ninstallation information.",
"product_ids": [
"Red Hat JBoss Operations Network 3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1947"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Operations Network 3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Cassandra: remote code execution via unauthenticated JMX/RMI interface"
}
]
}
gsd-2015-0225
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-0225",
"description": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.",
"id": "GSD-2015-0225",
"references": [
"https://www.suse.com/security/cve/CVE-2015-0225.html",
"https://access.redhat.com/errata/RHSA-2015:1947"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-0225"
],
"details": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.",
"id": "GSD-2015-0225",
"modified": "2023-12-13T01:19:58.802778Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034002"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.2.0,2.0.14),[2.1.0,2.1.4)",
"affected_versions": "All versions starting from 1.2.0 before 2.0.14, all versions starting from 2.1.0 before 2.1.4",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-77",
"CWE-78",
"CWE-937"
],
"date": "2022-07-06",
"description": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.",
"fixed_versions": [
"2.0.14",
"2.1.4"
],
"identifier": "CVE-2015-0225",
"identifiers": [
"GHSA-w7f2-gjxf-2gm9",
"CVE-2015-0225"
],
"not_impacted": "All versions before 1.2.0, all versions starting from 2.0.14 before 2.1.0, all versions starting from 2.1.4",
"package_slug": "maven/org.apache.cassandra/apache-cassandra",
"pubdate": "2022-05-14",
"solution": "Upgrade to versions 2.0.14, 2.1.4 or above.",
"title": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-0225",
"http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html",
"http://rhn.redhat.com/errata/RHSA-2015-1947.html",
"http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html",
"https://github.com/advisories/GHSA-w7f2-gjxf-2gm9"
],
"uuid": "c44be7d6-6b58-4977-a90e-a6effd8c5ae0"
},
{
"affected_range": "[1.2-alpha0,1.2.19],[2.0-alpha0,2.0.13],[2.1-alpha0,2.1.3]",
"affected_versions": "All versions starting from 1.2-alpha0 up to 1.2.19, all versions starting from 2.0-alpha0 up to 2.0.13, all versions starting from 2.1-alpha0 up to 2.1.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-77",
"CWE-937"
],
"date": "2018-10-09",
"description": "The default configuration in this package binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.",
"fixed_versions": [
"2.0.14",
"2.1.4"
],
"identifier": "CVE-2015-0225",
"identifiers": [
"CVE-2015-0225"
],
"package_slug": "maven/org.apache.cassandra/cassandra-all",
"pubdate": "2015-04-03",
"solution": "Upgrade to versions 2.0.14, 2.1.4 or above.",
"title": "Remote code execution via unauthenticated JMX/RMI interface",
"urls": [
"https://wiki.apache.org/cassandra/JmxSecurity"
],
"uuid": "75b3fd9e-1ed6-4dec-865c-7bc8b6a49bbc"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:1.2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cassandra:2.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0225"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "MLIST",
"tags": [],
"url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"
},
{
"name": "73478",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "1034002",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034002"
},
{
"name": "RHSA-2015:1947",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-09T19:55Z",
"publishedDate": "2015-04-03T14:59Z"
}
}
}
cnvd-2015-02190
Vulnerability from cnvd
Title
Apache Cassandra远程任意代码执行漏洞
Description
Apache Cassandra是一套开源分布式数据库管理系统,由Facebook开发,用于储存特别大的数据。
Cassandra默认配置中,对所有网络接口绑定了未经身份验证的JMX/RMI接口,由于RMI是传输及远程执行序列化Java的API,那么只要可以访问该接口。攻击者即可用当前用户权限执行任意代码。
Severity
高
VLAI Severity ?
Patch Name
Apache Cassandra远程任意代码执行漏洞的补丁
Patch Description
Apache Cassandra是一套开源分布式数据库管理系统,由Facebook开发,用于储存特别大的数据。Cassandra默认配置中,对所有网络接口绑定了未经身份验证的JMX/RMI接口,由于RMI是传输及远程执行序列化Java的API,那么只要可以访问该接口。攻击者即可用当前用户权限执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://wiki.apache.org/cassandra/JmxSecurity
Reference
http://secunia.com/advisories/63739/
https://wiki.apache.org/cassandra/JmxSecurity
Impacted products
| Name | ['Apache Cassandra 1.2.0-1.2.19', 'Apache Cassandra 2.0.0-2.0.13', 'Apache Cassandra 2.1.0-2.1.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-0225"
}
},
"description": "Apache Cassandra\u662f\u4e00\u5957\u5f00\u6e90\u5206\u5e03\u5f0f\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u7531Facebook\u5f00\u53d1\uff0c\u7528\u4e8e\u50a8\u5b58\u7279\u522b\u5927\u7684\u6570\u636e\u3002\r\n\r\nCassandra\u9ed8\u8ba4\u914d\u7f6e\u4e2d\uff0c\u5bf9\u6240\u6709\u7f51\u7edc\u63a5\u53e3\u7ed1\u5b9a\u4e86\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684JMX/RMI\u63a5\u53e3\uff0c\u7531\u4e8eRMI\u662f\u4f20\u8f93\u53ca\u8fdc\u7a0b\u6267\u884c\u5e8f\u5217\u5316Java\u7684API\uff0c\u90a3\u4e48\u53ea\u8981\u53ef\u4ee5\u8bbf\u95ee\u8be5\u63a5\u53e3\u3002\u653b\u51fb\u8005\u5373\u53ef\u7528\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Apache",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://wiki.apache.org/cassandra/JmxSecurity",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-02190",
"openTime": "2015-04-08",
"patchDescription": "Apache Cassandra\u662f\u4e00\u5957\u5f00\u6e90\u5206\u5e03\u5f0f\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u7531Facebook\u5f00\u53d1\uff0c\u7528\u4e8e\u50a8\u5b58\u7279\u522b\u5927\u7684\u6570\u636e\u3002Cassandra\u9ed8\u8ba4\u914d\u7f6e\u4e2d\uff0c\u5bf9\u6240\u6709\u7f51\u7edc\u63a5\u53e3\u7ed1\u5b9a\u4e86\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684JMX/RMI\u63a5\u53e3\uff0c\u7531\u4e8eRMI\u662f\u4f20\u8f93\u53ca\u8fdc\u7a0b\u6267\u884c\u5e8f\u5217\u5316Java\u7684API\uff0c\u90a3\u4e48\u53ea\u8981\u53ef\u4ee5\u8bbf\u95ee\u8be5\u63a5\u53e3\u3002\u653b\u51fb\u8005\u5373\u53ef\u7528\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Cassandra\u8fdc\u7a0b\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Cassandra 1.2.0-1.2.19",
"Apache Cassandra 2.0.0-2.0.13",
"Apache Cassandra 2.1.0-2.1.3"
]
},
"referenceLink": "http://secunia.com/advisories/63739/\r\nhttps://wiki.apache.org/cassandra/JmxSecurity",
"serverity": "\u9ad8",
"submitTime": "2015-04-03",
"title": "Apache Cassandra\u8fdc\u7a0b\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
fkie_cve-2015-0225
Vulnerability from fkie_nvd
Published
2015-04-03 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2015-1947.html | ||
| secalert@redhat.com | http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/535154/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/73478 | ||
| secalert@redhat.com | http://www.securitytracker.com/id/1034002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-1947.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/535154/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73478 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034002 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cassandra | 1.2.0 | |
| apache | cassandra | 1.2.1 | |
| apache | cassandra | 1.2.2 | |
| apache | cassandra | 1.2.3 | |
| apache | cassandra | 1.2.4 | |
| apache | cassandra | 1.2.5 | |
| apache | cassandra | 1.2.6 | |
| apache | cassandra | 1.2.7 | |
| apache | cassandra | 1.2.8 | |
| apache | cassandra | 1.2.9 | |
| apache | cassandra | 1.2.10 | |
| apache | cassandra | 1.2.11 | |
| apache | cassandra | 1.2.12 | |
| apache | cassandra | 1.2.13 | |
| apache | cassandra | 1.2.14 | |
| apache | cassandra | 1.2.15 | |
| apache | cassandra | 1.2.16 | |
| apache | cassandra | 1.2.17 | |
| apache | cassandra | 1.2.18 | |
| apache | cassandra | 1.2.19 | |
| apache | cassandra | 2.0.0 | |
| apache | cassandra | 2.0.1 | |
| apache | cassandra | 2.0.2 | |
| apache | cassandra | 2.0.3 | |
| apache | cassandra | 2.0.4 | |
| apache | cassandra | 2.0.5 | |
| apache | cassandra | 2.0.6 | |
| apache | cassandra | 2.0.7 | |
| apache | cassandra | 2.0.8 | |
| apache | cassandra | 2.0.9 | |
| apache | cassandra | 2.0.10 | |
| apache | cassandra | 2.0.11 | |
| apache | cassandra | 2.0.12 | |
| apache | cassandra | 2.0.13 | |
| apache | cassandra | 2.1.0 | |
| apache | cassandra | 2.1.1 | |
| apache | cassandra | 2.1.2 | |
| apache | cassandra | 2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7185D5BD-A761-47FF-864C-62AFF17C4C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2826C5-55D8-49DF-8942-73B7AA52F686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4F6C4-8607-4D9F-ACA0-E892BEB9E4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7FEF6FBA-E9D3-4A59-A0EC-AB4A17D71774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF35EAD-4253-408E-8638-C515D7D3AE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E2E7-8FA7-4E39-8E61-690EF2C16A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC42624-F2C2-4536-BFA9-E0CDB72FC3CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CB393CE4-7F70-49F9-99A4-AB81A1276A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "960EA495-02C4-4A38-852B-195900CA6476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBF756-B34A-4173-B099-D8AAE105D824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "10D70F77-3328-4C47-AAD2-9B0CCECF4165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E98FFA5D-191A-442D-9234-7DCA6F7C8CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50B85966-303D-4777-B0BB-2B9E79CF2782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9714C5-3350-48AF-B41A-3053741160E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B272E975-E46C-423C-B45A-058C266F37BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B8A3A3-CA78-42CB-8F2A-F5E489E19702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E00D6FD4-F798-4571-B3A0-A68DB9D06F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A226328-6E53-4ADD-9CD6-B562BE8CE9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD6D2FB-6E23-48A4-827A-7B0BF1E88203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "233A5008-288C-418C-8279-1DF105680CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D4E328-2DF0-4713-831C-08825B02B4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05258E84-74AA-429E-BFE9-4B760D5F1140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9035E5B6-E31F-4A35-A3A7-2515DD954A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5C2B18-2BE9-4DC3-AF58-91455ED7C062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "484E0A74-0DD7-43F2-82E6-1C20D9FC266E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA76DB09-274F-4147-99BA-FDBED1BA14EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901804-DDC9-4F51-AAA2-F780E058F2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "82EEFC7E-8349-49A4-B445-D054ECA48BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0314AC6E-A7C1-4887-A9A2-C87B4E164F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "20A9F0A4-F953-416B-B58A-50A5CB0C6222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB2539-B2C4-4A9A-B7AF-60898616655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1967C9CD-1B2C-44E6-A57A-F3EDD196E3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4D32C1-EA18-4E81-A8A8-0580A0284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5DD03D-6865-4000-9BFA-5CC40B34EDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25C30E12-552B-4E30-B66C-9B17720025B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC90CB20-81D6-4BE8-B5D8-6084953AE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5F1CFC-1F17-4D37-9DA8-FD0D6F67E5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E147A84-CDA1-4B6F-AEA2-20117C0FDBDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en Apache Cassandra 1.2.0 hasta 1.2.19, 2.0.0 hasta 2.0.13, y 2.1.0 hasta 2.1.3 vincula una interfaz JMX/RMI no autenticada a todas las interfaces de la red, lo que permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de una solicitud RMI."
}
],
"id": "CVE-2015-0225",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-03T14:59:00.070",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1034002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034002"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
ghsa-w7f2-gjxf-2gm9
Vulnerability from github
Published
2022-05-14 02:49
Modified
2022-07-06 20:40
VLAI Severity ?
Summary
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
Details
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cassandra:apache-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "2.0.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cassandra:apache-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-0225"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T20:40:57Z",
"nvd_published_at": "2015-04-03T14:59:00Z",
"severity": "HIGH"
},
"details": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.",
"id": "GHSA-w7f2-gjxf-2gm9",
"modified": "2022-07-06T20:40:57Z",
"published": "2022-05-14T02:49:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0225"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"type": "WEB",
"url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Improper Neutralization of Special Elements used in a Command in Apache Cassandra"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…