cvelistv5 - cve-2018-0644

CVE-2018-0644 (GCVE-0-2018-0644)

Vulnerability from cvelistv5

Published

2018-09-07 14:00

Modified

2024-08-05 03:35

Severity ?

CWE

Buffer Overflow

Summary

References

URL

	Vendor	Product	Version
	ORCA Management Organization Co., Ltd.	Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier	Version: unspecified

ghsa-4hv9-v5p5-w4mc

Vulnerability from github

Published

2022-05-14 01:58

Modified

2022-05-14 01:58

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-07T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors.",
  "id": "GHSA-4hv9-v5p5-w4mc",
  "modified": "2022-05-14T01:58:44Z",
  "published": "2022-05-14T01:58:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0644"
    },
    {
      "type": "WEB",
      "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN37376131/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2018-0644

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-0644

Aliases

CVE-2018-0644

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0644",
    "description": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors.",
    "id": "GSD-2018-0644"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0644"
      ],
      "details": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors.",
      "id": "GSD-2018-0644",
      "modified": "2023-12-13T01:22:24.773333Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0644",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ORCA Management Organization Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#37376131",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN37376131/index.html"
          },
          {
            "name": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html",
            "refsource": "CONFIRM",
            "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0644"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
            },
            {
              "name": "JVN#37376131",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN37376131/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-11-16T15:34Z",
      "publishedDate": "2018-09-07T14:29Z"
    }
  }
}

Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors. * OS command injection (CWE-78) - CVE-2018-0643 * Buffer overflow (CWE-119) - CVE-2018-0644 IoT x Security Hackathon 2016 all participants reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected product may execute an arbitrary command on the product - CVE-2018-0643 * If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition - CVE-2018-0644. The software supports functions such as electronic medical record management and collaboration software extensions.

A buffer overflow vulnerability exists in ORCA, which can be exploited by an attacker to cause a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0641",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu14.04 orca",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "orca management organization",
        "version": "4.8.0(panda-client2) 1:1.4.9+p41-u4jma1  (cve-2018-0644)"
      },
      {
        "model": "ubuntu14.04 orca",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "orca management organization",
        "version": "4.8.0(panda-server) 1:1.4.9+p41-u4jma1  (cve-2018-0643)"
      },
      {
        "model": "ubuntu14.04 orca",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "orca management organization",
        "version": "5.0.0(panda-client2) 1:2.0.0+p48-u4jma1  (cve-2018-0644)"
      },
      {
        "model": "ubuntu16.04 orca",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "orca management organization",
        "version": "5.0.0(panda-client2) 1:2.0.0+p48-u5jma1  (cve-2018-0644)"
      },
      {
        "model": "online receipt computer advantage 1:1.4.9+p41-u4jma1",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "orca management organization",
        "version": "\u003c=4.8.0"
      },
      {
        "model": "online receipt computer advantage 1:2.0.0+p48-u4jma1",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "orca management organization",
        "version": "\u003c=5.0.0"
      },
      {
        "model": "online receipt computer advantage 1:2.0.0+p48-u5jma1",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "orca management organization",
        "version": "\u003c=5.0.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:orcamo:ubuntu_14.04_online_receipt_computer_advantage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:orcamo:ubuntu_16.04_online_receipt_computer_advantage",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      }
    ]
  },
  "cve": "CVE-2018-0644",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2018-0644",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000081",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 4.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000081",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "CNVD-2018-18603",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-0644",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000081",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 4.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000081",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000081",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0644",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-18603",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-416",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors. * OS command injection (CWE-78) - CVE-2018-0643 * Buffer overflow (CWE-119) - CVE-2018-0644 IoT x Security Hackathon 2016 all participants reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected product may execute an arbitrary command on the product - CVE-2018-0643 * If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition - CVE-2018-0644. The software supports functions such as electronic medical record management and collaboration software extensions. \r\n\r\n\r\nA buffer overflow vulnerability exists in ORCA, which can be exploited by an attacker to cause a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN37376131",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "id": "VAR-201809-0641",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:45:14.673000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ORCA Management Organization Co., Ltd. website",
        "trust": 0.8,
        "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
      },
      {
        "title": "Patch for Online Receipt Computer Advantage Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/139969"
      },
      {
        "title": "Online Receipt Computer Advantage Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84710"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://jvn.jp/en/jp/jvn37376131/index.html"
      },
      {
        "trust": 2.2,
        "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0643"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0644"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0644"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0643"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "date": "2018-07-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "date": "2018-09-07T14:29:01.087000",
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-18603"
      },
      {
        "date": "2019-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      },
      {
        "date": "2024-11-21T03:38:39.200000",
        "db": "NVD",
        "id": "CVE-2018-0644"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000081"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-416"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2018-18603

Vulnerability from cnvd

Title

Online Receipt Computer Advantage缓冲区溢出漏洞

Description

Online Receipt Computer Advantage（CRCA）是日本ORCA Management Organization公司的一套医疗会计软件。该软件支持电子病历管理和协作软件扩展等功能。 ORCA中存在缓冲区溢出漏洞，攻击者可利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Online Receipt Computer Advantage缓冲区溢出漏洞的补丁

Patch Description

Online Receipt Computer Advantage（CRCA）是日本ORCA Management Organization公司的一套医疗会计软件。该软件支持电子病历管理和协作软件扩展等功能。 ORCA中存在缓冲区溢出漏洞，攻击者可利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html

Reference

http://jvn.jp/en/jp/JVN37376131/index.html https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html

Impacted products

Name
['ORCA Management Organization Co., Ltd. Online Receipt Computer Advantage（CRCA） <=4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1', 'ORCA Management Organization Co., Ltd. Online Receipt Computer Advantage（CRCA） <=5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1', 'ORCA Management Organization Co., Ltd. Online Receipt Computer Advantage（CRCA） <=5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0644"
    }
  },
  "description": "Online Receipt Computer Advantage\uff08CRCA\uff09\u662f\u65e5\u672cORCA Management Organization\u516c\u53f8\u7684\u4e00\u5957\u533b\u7597\u4f1a\u8ba1\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u7535\u5b50\u75c5\u5386\u7ba1\u7406\u548c\u534f\u4f5c\u8f6f\u4ef6\u6269\u5c55\u7b49\u529f\u80fd\u3002\r\n\r\nORCA\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "IoT x Security Hackathon 2016 all participants",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18603",
  "openTime": "2018-09-12",
  "patchDescription": "Online Receipt Computer Advantage\uff08CRCA\uff09\u662f\u65e5\u672cORCA Management Organization\u516c\u53f8\u7684\u4e00\u5957\u533b\u7597\u4f1a\u8ba1\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u7535\u5b50\u75c5\u5386\u7ba1\u7406\u548c\u534f\u4f5c\u8f6f\u4ef6\u6269\u5c55\u7b49\u529f\u80fd\u3002\r\n\r\nORCA\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Online Receipt Computer Advantage\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ORCA Management Organization Co., Ltd. Online Receipt Computer Advantage\uff08CRCA\uff09 \u003c=4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1",
      "ORCA Management Organization Co., Ltd. Online Receipt Computer Advantage\uff08CRCA\uff09 \u003c=5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1",
      "ORCA Management Organization Co., Ltd. Online Receipt Computer Advantage\uff08CRCA\uff09 \u003c=5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1"
    ]
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN37376131/index.html\r\nhttps://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-11",
  "title": "Online Receipt Computer Advantage\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

fkie_cve-2018-0644

Vulnerability from fkie_nvd

Published

2018-09-07 14:29

Modified

2024-11-21 03:38

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN37376131/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN37376131/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	canonical	ubuntu_linux	14.04
	canonical	ubuntu_linux	16.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 y anteriores, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 y anteriores y Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 y anteriores permite que atacantes autenticados provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-0644",
  "lastModified": "2024-11-21T03:38:39.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-07T14:29:01.087",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN37376131/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN37376131/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2018-0644

Vulnerability from jvndb

Published

2018-07-18 15:35

Modified

2019-07-25 16:59

Severity ?

5.5 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)

Details

ORCA(Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2018-0643 * Buffer overflow (CWE-119) - CVE-2018-0644 IoT x Security Hackathon 2016 all participants reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN37376131/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0643
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0644
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0643
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0644
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	ORCA Management Organization Co., Ltd	Ubuntu14.04 ORCA(Online Receipt Computer Advantage)
	ORCA Management Organization Co., Ltd	Ubuntu16.04 ORCA(Online Receipt Computer Advantage)

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000081.html",
  "dc:date": "2019-07-25T16:59+09:00",
  "dcterms:issued": "2018-07-18T15:35+09:00",
  "dcterms:modified": "2019-07-25T16:59+09:00",
  "description": "ORCA(Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below.\r\n* OS command injection (CWE-78) - CVE-2018-0643\r\n* Buffer overflow (CWE-119) - CVE-2018-0644\r\n\r\nIoT x Security Hackathon 2016 all participants reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000081.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:orcamo:ubuntu_14.04_online_receipt_computer_advantage",
      "@product": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)",
      "@vendor": "ORCA Management Organization Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:orcamo:ubuntu_16.04_online_receipt_computer_advantage",
      "@product": "Ubuntu16.04 ORCA(Online Receipt Computer Advantage)",
      "@vendor": "ORCA Management Organization Co., Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000081",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN37376131/index.html",
      "@id": "JVN#37376131",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0643",
      "@id": "CVE-2018-0643",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0644",
      "@id": "CVE-2018-0644",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0643",
      "@id": "CVE-2018-0643",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0644",
      "@id": "CVE-2018-0644",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0644 (GCVE-0-2018-0644)

Vulnerability from cvelistv5

ghsa-4hv9-v5p5-w4mc

Vulnerability from github

gsd-2018-0644

Vulnerability from gsd

var-201809-0641

Vulnerability from variot

cnvd-2018-18603

Vulnerability from cnvd

fkie_cve-2018-0644

Vulnerability from fkie_nvd

cve-2018-0644

Vulnerability from jvndb

Tags

Sightings

Nomenclature