rhsa-2014_0815
Vulnerability from csaf_redhat
Published
2014-06-30 17:28
Modified
2024-11-22 08:01
Summary
Red Hat Security Advisory: rhev-hypervisor6 security update
Notes
Topic
An updated rhev-hypervisor6 package that fixes several security issues is
now available.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)
It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)
Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)
Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)
Red Hat would like to thank GnuTLS upstream for reporting CVE-2014-3466,
CVE-2014-3468, CVE-2014-3467, and CVE-2014-3469. Upstream acknowledges
Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.
This updated package provides an updated kernel component that includes
fixes for various security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however. The security
fixes included in this update address the following CVE numbers:
CVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874,
CVE-2014-2039 and CVE-2014-3153 (kernel issues)
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated rhev-hypervisor6 package that fixes several security issues is\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way GnuTLS parsed session IDs from ServerHello\nmessages of the TLS/SSL handshake. A malicious server could use this flaw\nto send an excessively long session ID value, which would trigger a buffer\noverflow in a connecting TLS/SSL client application using GnuTLS, causing\nthe client application to crash or, possibly, execute arbitrary code.\n(CVE-2014-3466)\n\nIt was discovered that the asn1_get_bit_der() function of the libtasn1\nlibrary incorrectly reported the length of ASN.1-encoded data. Specially\ncrafted ASN.1 input could cause an application using libtasn1 to perform\nan out-of-bounds access operation, causing the application to crash or,\npossibly, execute arbitrary code. (CVE-2014-3468)\n\nMultiple incorrect buffer boundary check issues were discovered in\nlibtasn1. Specially crafted ASN.1 input could cause an application using\nlibtasn1 to crash. (CVE-2014-3467)\n\nMultiple NULL pointer dereference flaws were found in libtasn1\u0027s\nasn1_read_value() function. Specially crafted ASN.1 input could cause an\napplication using libtasn1 to crash, if the application used the\naforementioned function in a certain way. (CVE-2014-3469)\n\nRed Hat would like to thank GnuTLS upstream for reporting CVE-2014-3466,\nCVE-2014-3468, CVE-2014-3467, and CVE-2014-3469. Upstream acknowledges\nJoonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.\n\nThis updated package provides an updated kernel component that includes\nfixes for various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The security\nfixes included in this update address the following CVE numbers:\n\nCVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874,\nCVE-2014-2039 and CVE-2014-3153 (kernel issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0815", "url": "https://access.redhat.com/errata/RHSA-2014:0815" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html" }, { "category": "external", "summary": "1101932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "category": "external", "summary": "1102022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" }, { "category": "external", "summary": "1102323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323" }, { "category": "external", "summary": "1102329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" }, { "category": "external", "summary": "1107789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107789" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0815.json" } ], "title": "Red Hat Security Advisory: rhev-hypervisor6 security update", "tracking": { "current_release_date": "2024-11-22T08:01:21+00:00", "generator": { "date": "2024-11-22T08:01:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2014:0815", "initial_release_date": "2014-06-30T17:28:40+00:00", "revision_history": [ { "date": "2014-06-30T17:28:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-06-30T17:28:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T08:01:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEV Hypervisor for RHEL-6", "product": { "name": "RHEV Hypervisor for RHEL-6", "product_id": "6Server-RHEV-Hypervisor", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch", "product": { "name": "rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch", "product_id": "rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhev-hypervisor6@6.5-20140624.0.el6ev?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6", "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" }, "product_reference": "rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch", "relates_to_product_reference": "6Server-RHEV-Hypervisor" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "GnuTLS upstream" ] }, { "names": [ "Joonas Kuorilehto" ], "organization": "Codenomicon", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2014-3466", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2014-05-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1101932" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3466" }, { "category": "external", "summary": "RHBZ#1101932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3466", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3466" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3466", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3466" } ], "release_date": "2014-05-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-06-30T17:28:40+00:00", "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0815" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)" }, { "acknowledgments": [ { "names": [ "GnuTLS upstream" ] } ], "cve": "CVE-2014-3467", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2014-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1102022" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.", "title": "Vulnerability description" }, { "category": "summary", "text": "libtasn1: multiple boundary check issues", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3467" }, { "category": "external", "summary": "RHBZ#1102022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3467", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3467" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3467", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3467" } ], "release_date": "2014-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-06-30T17:28:40+00:00", "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0815" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libtasn1: multiple boundary check issues" }, { "acknowledgments": [ { "names": [ "GnuTLS upstream" ] } ], "cve": "CVE-2014-3468", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2014-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1102323" } ], "notes": [ { "category": "description", "text": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.", "title": "Vulnerability description" }, { "category": "summary", "text": "libtasn1: asn1_get_bit_der() can return negative bit length", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3468" }, { "category": "external", "summary": "RHBZ#1102323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3468", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3468" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3468", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3468" } ], "release_date": "2014-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-06-30T17:28:40+00:00", "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0815" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libtasn1: asn1_get_bit_der() can return negative bit length" }, { "acknowledgments": [ { "names": [ "GnuTLS upstream" ] } ], "cve": "CVE-2014-3469", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2014-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1102329" } ], "notes": [ { "category": "description", "text": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.", "title": "Vulnerability description" }, { "category": "summary", "text": "libtasn1: asn1_read_value_type() NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3469" }, { "category": "external", "summary": "RHBZ#1102329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3469", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3469" } ], "release_date": "2014-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-06-30T17:28:40+00:00", "details": "This update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html", "product_ids": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0815" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.5-20140624.0.el6ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libtasn1: asn1_read_value_type() NULL pointer dereference" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.