gsd-2019-13117
Vulnerability from gsd
Modified
2019-10-31 00:00
Details
Nokogiri v1.10.5 has been released.

This is a security release. It addresses three CVEs in upstream libxml2, for which details are below.

If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether they've patched this (Canonical has patched Ubuntu packages). Note that libxslt 1.1.34 addresses these vulnerabilities.

Full details about the security update are available in GitHub Issue [#1943] https://github.com/sparklemotion/nokogiri/issues/1943.

---

CVE-2019-13117

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13117.html

Priority: Low

Description: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

Patched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1

---

CVE-2019-13118

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13118.html

Priority: Low

Description: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Patched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b

---

CVE-2019-18197

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html

Priority: Medium

Description: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Patched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
Aliases

{
  "GSD": {
    "alias": "CVE-2019-13117",
    "description": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.",
    "id": "GSD-2019-13117",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-13117.html",
      "https://ubuntu.com/security/CVE-2019-13117",
      "https://advisories.mageia.org/CVE-2019-13117.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "nokogiri",
            "purl": "pkg:gem/nokogiri"
          }
        }
      ],
      "aliases": [
        "CVE-2019-13117"
      ],
      "details": "Nokogiri v1.10.5 has been released.\n\nThis is a security release. It addresses three CVEs in upstream libxml2,\nfor which details are below.\n\nIf you\u0027re using your distro\u0027s system libraries, rather than Nokogiri\u0027s\nvendored libraries, there\u0027s no security need to upgrade at this time,\nthough you may want to check with your distro whether they\u0027ve patched this\n(Canonical has patched Ubuntu packages). Note that libxslt 1.1.34 addresses\nthese vulnerabilities.\n\nFull details about the security update are available in Github Issue\n[#1943] https://github.com/sparklemotion/nokogiri/issues/1943.\n\n---\n\nCVE-2019-13117\n\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13117.html\n\nPriority: Low\n\nDescription: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings\ncould lead to a uninitialized read in xsltNumberFormatInsertNumbers. This\ncould allow an attacker to discern whether a byte on the stack contains the\ncharacters A, a, I, i, or 0, or any other character.\n\nPatched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1\n\n---\n\nCVE-2019-13118\n\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13118.html\n\nPriority: Low\n\nDescription: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an\nxsl:number instruction was too narrow and an invalid character/length\ncombination could be passed to xsltNumberFormatDecimal, leading to a read\nof uninitialized stack data\n\nPatched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b\n\n---\n\nCVE-2019-18197\n\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html\n\nPriority: Medium\n\nDescription: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t\nreset under certain circumstances. If the relevant memory area happened to\nbe freed and reused in a certain way, a bounds check could fail and memory\noutside a buffer could be written to, or uninitialized data could be\ndisclosed.\n\nPatched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\n",
      "id": "GSD-2019-13117",
      "modified": "2019-10-31T00:00:00.000Z",
      "published": "2019-10-31T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/sparklemotion/nokogiri/issues/1943"
        },
        {
          "type": "WEB",
          "url": "https://groups.google.com/d/msg/ruby-security-ann/-Wq4aouIA3Q/yc76ZHemBgAJ"
        },
        {
          "type": "WEB",
          "url": "https://usn.ubuntu.com/4164-1/"
        },
        {
          "type": "WEB",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
        },
        {
          "type": "WEB",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
        },
        {
          "type": "WEB",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
        }
      ],
      "related": [
        "CVE-2019-13118",
        "CVE-2019-18197"
      ],
      "schema_version": "1.4.0",
      "summary": "Nokogiri gem, via libxslt, is affected by multiple vulnerabilities"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-13117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
            "refsource": "MISC",
            "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
          },
          {
            "name": "https://oss-fuzz.com/testcase-detail/5631739747106816",
            "refsource": "MISC",
            "url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
          },
          {
            "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471",
            "refsource": "MISC",
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
          },
          {
            "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190806-0004/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
          },
          {
            "name": "USN-4164-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4164-1/"
          },
          {
            "name": "FEDORA-2019-fdf6ec39b4",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
          },
          {
            "name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0731",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2019-13117",
      "date": "2019-10-31",
      "description": "Nokogiri v1.10.5 has been released.\n\nThis is a security release. It addresses three CVEs in upstream libxml2,\nfor which details are below.\n\nIf you\u0027re using your distro\u0027s system libraries, rather than Nokogiri\u0027s\nvendored libraries, there\u0027s no security need to upgrade at this time,\nthough you may want to check with your distro whether they\u0027ve patched this\n(Canonical has patched Ubuntu packages). Note that libxslt 1.1.34 addresses\nthese vulnerabilities.\n\nFull details about the security update are available in Github Issue\n[#1943] https://github.com/sparklemotion/nokogiri/issues/1943.\n\n---\n\nCVE-2019-13117\n\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13117.html\n\nPriority: Low\n\nDescription: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings\ncould lead to a uninitialized read in xsltNumberFormatInsertNumbers. This\ncould allow an attacker to discern whether a byte on the stack contains the\ncharacters A, a, I, i, or 0, or any other character.\n\nPatched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1\n\n---\n\nCVE-2019-13118\n\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13118.html\n\nPriority: Low\n\nDescription: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an\nxsl:number instruction was too narrow and an invalid character/length\ncombination could be passed to xsltNumberFormatDecimal, leading to a read\nof uninitialized stack data\n\nPatched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b\n\n---\n\nCVE-2019-18197\n\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html\n\nPriority: Medium\n\nDescription: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t\nreset under certain circumstances. If the relevant memory area happened to\nbe freed and reused in a certain way, a bounds check could fail and memory\noutside a buffer could be written to, or uninitialized data could be\ndisclosed.\n\nPatched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285\n",
      "gem": "nokogiri",
      "patched_versions": [
        "\u003e= 1.10.5"
      ],
      "related": {
        "cve": [
          "2019-13118",
          "2019-18197"
        ],
        "url": [
          "https://groups.google.com/d/msg/ruby-security-ann/-Wq4aouIA3Q/yc76ZHemBgAJ",
          "https://usn.ubuntu.com/4164-1/",
          "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
          "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b",
          "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
        ]
      },
      "title": "Nokogiri gem, via libxslt, is affected by multiple vulnerabilities",
      "url": "https://github.com/sparklemotion/nokogiri/issues/1943"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.10.5",
          "affected_versions": "All versions before 1.10.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-908",
            "CWE-937"
          ],
          "date": "2019-07-22",
          "description": "In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.",
          "fixed_versions": [
            "1.10.5"
          ],
          "identifier": "CVE-2019-13117",
          "identifiers": [
            "CVE-2019-13117"
          ],
          "not_impacted": "All versions starting from 1.10.5",
          "package_slug": "gem/nokogiri",
          "pubdate": "2019-06-30",
          "solution": "Upgrade to version 1.10.5 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-13117",
            "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
          ],
          "uuid": "0f3c3d7c-8e3c-4bc7-8b8d-a3a6703fff7d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-908"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
            },
            {
              "name": "https://oss-fuzz.com/testcase-detail/5631739747106816",
              "refsource": "MISC",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
            },
            {
              "name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190806-0004/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
            },
            {
              "name": "USN-4164-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4164-1/"
            },
            {
              "name": "FEDORA-2019-fdf6ec39b4",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
            },
            {
              "name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0731",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-04-06T19:30Z",
      "publishedDate": "2019-07-01T02:15Z"
    }
  }
}

