var-201801-0885
Vulnerability from variot

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. Dnsmasq Contains an access control vulnerability.Information may be tampered with. Dnsmasq is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. ========================================================================== Ubuntu Security Notice USN-4924-1 April 22, 2021

dnsmasq vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Dnsmasq.

Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server

Details:

It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. (CVE-2017-15107)

It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2019-14513)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: dnsmasq 2.75-1ubuntu0.16.04.10 dnsmasq-base 2.75-1ubuntu0.16.04.10 dnsmasq-utils 2.75-1ubuntu0.16.04.10

After a standard system update you need to reboot your computer to make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-4924-1 CVE-2017-15107, CVE-2019-14513

Package Information: https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.10

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0885",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dnsmasq",
            scope: "lte",
            trust: 1.8,
            vendor: "thekelleys",
            version: "2.78",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.6,
            vendor: "thekelleys",
            version: "2.78",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.78",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.62",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.50",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.49",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.48",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.47",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.46",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.45",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.44",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.43",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.42",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.41",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.40",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.35",
         },
         {
            model: "dnsmasq",
            scope: "eq",
            trust: 0.3,
            vendor: "dnsmasq",
            version: "2.30",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "102812",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:thekelleys:dnsmasq",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Ubuntu",
      sources: [
         {
            db: "PACKETSTORM",
            id: "162315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2017-15107",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CVE-2017-15107",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1.9,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2017-15107",
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1.8,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2017-15107",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "CVE-2017-15107",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201801-879",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2017-15107",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. Dnsmasq Contains an access control vulnerability.Information may be tampered with. Dnsmasq is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions  to perform unauthorized actions. ==========================================================================\nUbuntu Security Notice USN-4924-1\nApril 22, 2021\n\ndnsmasq vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nIt was discovered that Dnsmasq incorrectly handled certain wildcard\nsynthesized NSEC records. \n(CVE-2017-15107)\n\nIt was discovered that Dnsmasq incorrectly handled certain large DNS\npackets. A remote attacker could possibly use this issue to cause Dnsmasq\nto crash, resulting in a denial of service. (CVE-2019-14513)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  dnsmasq                         2.75-1ubuntu0.16.04.10\n  dnsmasq-base                    2.75-1ubuntu0.16.04.10\n  dnsmasq-utils                   2.75-1ubuntu0.16.04.10\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-4924-1\n  CVE-2017-15107, CVE-2019-14513\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.10\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "BID",
            id: "102812",
         },
         {
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            db: "PACKETSTORM",
            id: "162315",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-15107",
            trust: 2.9,
         },
         {
            db: "BID",
            id: "102812",
            trust: 2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "162315",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.4570",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.1383",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.2421",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.3767",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2017-15107",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            db: "BID",
            id: "102812",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "PACKETSTORM",
            id: "162315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   id: "VAR-201801-0885",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.25396827,
   },
   last_update_date: "2024-11-23T19:31:51.795000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DNSSEC security fix.",
            trust: 0.8,
            url: "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html",
         },
         {
            title: "Dnsmasq Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78031",
         },
         {
            title: "Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-15107",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=22416c383c2adcd1f93233f99ce94e13",
         },
         {
            title: "Arch Linux Advisories: [ASA-201801-32] dnsmasq: insufficient validation",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201801-32",
         },
         {
            title: "Red Hat: CVE-2017-15107",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-15107",
         },
         {
            title: "Arch Linux Issues: ",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-15107",
         },
         {
            title: "router-config",
            trust: 0.1,
            url: "https://github.com/lesinh97/router-config ",
         },
         {
            title: "nixos-issue-db-example",
            trust: 0.1,
            url: "https://github.com/andir/nixos-issue-db-example ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-358",
            trust: 1,
         },
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "CWE-284",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html",
         },
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/102812",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html",
         },
         {
            trust: 0.9,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-15107",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15107",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193189-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193188-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914190-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-20191721-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.1383",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.4570/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.3767/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.2421/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/162315/ubuntu-security-notice-usn-4924-1.html",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/cve/cve-2017-15107",
         },
         {
            trust: 0.3,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1510570",
         },
         {
            trust: 0.3,
            url: "http://www.thekelleys.org.uk/dnsmasq/doc.html",
         },
         {
            trust: 0.3,
            url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2017-15107",
         },
         {
            trust: 0.1,
            url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888200",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.10",
         },
         {
            trust: 0.1,
            url: "https://ubuntu.com/security/notices/usn-4924-1",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-14513",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            db: "BID",
            id: "102812",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "PACKETSTORM",
            id: "162315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            db: "BID",
            id: "102812",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            db: "PACKETSTORM",
            id: "162315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-01-23T00:00:00",
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            date: "2018-01-19T00:00:00",
            db: "BID",
            id: "102812",
         },
         {
            date: "2018-02-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            date: "2021-04-23T15:36:14",
            db: "PACKETSTORM",
            id: "162315",
         },
         {
            date: "2018-01-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            date: "2018-01-23T16:29:00.477000",
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-10-09T00:00:00",
            db: "VULMON",
            id: "CVE-2017-15107",
         },
         {
            date: "2018-01-19T00:00:00",
            db: "BID",
            id: "102812",
         },
         {
            date: "2018-02-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
         {
            date: "2021-04-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
         {
            date: "2024-11-21T03:14:05.250000",
            db: "NVD",
            id: "CVE-2017-15107",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "162315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Dnsmasq Access control vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-012223",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "lack of information",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201801-879",
         },
      ],
      trust: 0.6,
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.