var-201901-1019
Vulnerability from variot
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. macOS High Sierra Contains an access vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. CUPS is one of the open source printing system components for OS X and Unix-like systems. An attacker could exploit this vulnerability to bypass sandbox restrictions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Debian Security Advisory DSA-4243-1 security@debian.org https://www.debian.org/security/ Luciano Bello July 11, 2018 https://www.debian.org/security/faq
Package : cups CVE ID : CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-6553
Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids:
CVE-2017-15400
Rory McNamara discovered that an attacker is able to execute arbitrary
commands (with the privilege of the CUPS daemon) by setting a
malicious IPP server with a crafted PPD file.
CVE-2018-4180
Dan Bastone of Gotham Digital Science discovered that a local
attacker with access to cupsctl could escalate privileges by setting
an environment variable.
CVE-2018-4181
Eric Rafaloff and John Dunlap of Gotham Digital Science discovered
that a local attacker can perform limited reads of arbitrary files
as root by manipulating cupsd.conf.
CVE-2018-4182
Dan Bastone of Gotham Digital Science discovered that an attacker
with sandboxed root access can execute backends without a sandbox
profile by provoking an error in CUPS' profile creation.
CVE-2018-4183
Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered
that an attacker with sandboxed root access can execute arbitrary
commands as unsandboxed root by modifying /etc/cups/cups-files.conf
CVE-2018-6553
Dan Bastone of Gotham Digital Science discovered that an attacker
can bypass the AppArmor cupsd sandbox by invoking the dnssd backend
using an alternate name that has been hard linked to dnssd.
For the stable distribution (stretch), these problems have been fixed in version 2.2.1-8+deb9u2.
We recommend that you upgrade your cups packages.
For the detailed security status of cups please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAltGE+0ACgkQbsLe9o/+ N3RzTBAAog31K8+nfhrds2NQZeWaz0rGevs6hHj5wuf40FemG0IoHYfl7xba66Fx gVTZSDbpOuFnG1YQet0UpfsXsogTuaPv6/qP89YASEM8ncLSgBUTKS1bK7VM6SyP NZCWUmjmfsyf0yv7tvnWnq0k5I6MwHRRX6l0fI+treXz0nwjXDIPnKH1Xbv4zW1Y TTpmxD4FknyzkXJGxJoBwMcclPGCkT6W1IrBPQrjscUJvFBWiNW3umAoiuv+aCCr sM+raoK0SJTLFJ289AhrXajKilt0SfTHly12mpxUKnyevPCAz5o+nbtQMhQrALLQ foRuTAfI3WhubZFd7bTUjhrVo1nhS4khnmriyRxsCL7o19dc5rfQd1fO1IvCDQCb YtnWhDD7Tfzspetpr5kUk/pbB1U//uyWDFji73ZURFPbn5Pa+Z80OUGIRd9IIlNg ODJsNq5X/bjwoJgwJwi3W6SieyNWKBaTR5Ktk2iqBOJQ++KqV3BmsCVI/B/5NFnV /heBZYugaknsmdQVbdKa9jv3GIr4TE4frqJJrAsZ0KGnlKNNzoe3pQIk6nA0f/4d z3JalPDGwfL+Qq2AAJlqx2346ro0bViHUAGXJc1zsx44LHBVaRotV+a0gTXsh3z/ 3tQIHs2KZ4KRzczK7pbDDbeSEsaL6XsWb0vXbG2ZNAHoGxV7jQo= =g0fa -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201908-08
https://security.gentoo.org/
Severity: Normal Title: CUPS: Multiple vulnerabilities Date: August 15, 2019 Bugs: #660954 ID: 201908-08
Synopsis
Multiple vulnerabilities have been found in CUPS, the worst of which could result in the arbitrary execution of code.
Background
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 2.2.8 >= 2.2.8
Description
Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-2.2.8"
References
[ 1 ] CVE-2017-15400 https://nvd.nist.gov/vuln/detail/CVE-2017-15400 [ 2 ] CVE-2018-4180 https://nvd.nist.gov/vuln/detail/CVE-2018-4180 [ 3 ] CVE-2018-4181 https://nvd.nist.gov/vuln/detail/CVE-2018-4181 [ 4 ] CVE-2018-4182 https://nvd.nist.gov/vuln/detail/CVE-2018-4182 [ 5 ] CVE-2018-4183 https://nvd.nist.gov/vuln/detail/CVE-2018-4183 [ 6 ] CVE-2018-6553 https://nvd.nist.gov/vuln/detail/CVE-2018-6553
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201908-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-1019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.13.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.1.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "154076"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
}
],
"trust": 0.7
},
"cve": "CVE-2018-4182",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-4182",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-134213",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2018-4182",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4182",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-4182",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-395",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134213",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-4182",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134213"
},
{
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. macOS High Sierra Contains an access vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. CUPS is one of the open source printing system components for OS X and Unix-like systems. An attacker could exploit this vulnerability to bypass sandbox restrictions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4243-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nJuly 11, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cups\nCVE ID : CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 \n CVE-2018-4183 CVE-2018-6553\n\nSeveral vulnerabilities were discovered in CUPS, the Common UNIX Printing\nSystem. These issues have been identified with the following CVE ids:\n\nCVE-2017-15400\n\n Rory McNamara discovered that an attacker is able to execute arbitrary\n commands (with the privilege of the CUPS daemon) by setting a\n malicious IPP server with a crafted PPD file. \n\nCVE-2018-4180\n\n Dan Bastone of Gotham Digital Science discovered that a local\n attacker with access to cupsctl could escalate privileges by setting\n an environment variable. \n\nCVE-2018-4181\n\n Eric Rafaloff and John Dunlap of Gotham Digital Science discovered\n that a local attacker can perform limited reads of arbitrary files\n as root by manipulating cupsd.conf. \n\nCVE-2018-4182\n\n Dan Bastone of Gotham Digital Science discovered that an attacker\n with sandboxed root access can execute backends without a sandbox\n profile by provoking an error in CUPS\u0027 profile creation. \n\nCVE-2018-4183\n\n Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered\n that an attacker with sandboxed root access can execute arbitrary\n commands as unsandboxed root by modifying /etc/cups/cups-files.conf\n\nCVE-2018-6553\n\n Dan Bastone of Gotham Digital Science discovered that an attacker\n can bypass the AppArmor cupsd sandbox by invoking the dnssd backend\n using an alternate name that has been hard linked to dnssd. \n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.2.1-8+deb9u2. \n\nWe recommend that you upgrade your cups packages. \n\nFor the detailed security status of cups please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/cups\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAltGE+0ACgkQbsLe9o/+\nN3RzTBAAog31K8+nfhrds2NQZeWaz0rGevs6hHj5wuf40FemG0IoHYfl7xba66Fx\ngVTZSDbpOuFnG1YQet0UpfsXsogTuaPv6/qP89YASEM8ncLSgBUTKS1bK7VM6SyP\nNZCWUmjmfsyf0yv7tvnWnq0k5I6MwHRRX6l0fI+treXz0nwjXDIPnKH1Xbv4zW1Y\nTTpmxD4FknyzkXJGxJoBwMcclPGCkT6W1IrBPQrjscUJvFBWiNW3umAoiuv+aCCr\nsM+raoK0SJTLFJ289AhrXajKilt0SfTHly12mpxUKnyevPCAz5o+nbtQMhQrALLQ\nfoRuTAfI3WhubZFd7bTUjhrVo1nhS4khnmriyRxsCL7o19dc5rfQd1fO1IvCDQCb\nYtnWhDD7Tfzspetpr5kUk/pbB1U//uyWDFji73ZURFPbn5Pa+Z80OUGIRd9IIlNg\nODJsNq5X/bjwoJgwJwi3W6SieyNWKBaTR5Ktk2iqBOJQ++KqV3BmsCVI/B/5NFnV\n/heBZYugaknsmdQVbdKa9jv3GIr4TE4frqJJrAsZ0KGnlKNNzoe3pQIk6nA0f/4d\nz3JalPDGwfL+Qq2AAJlqx2346ro0bViHUAGXJc1zsx44LHBVaRotV+a0gTXsh3z/\n3tQIHs2KZ4KRzczK7pbDDbeSEsaL6XsWb0vXbG2ZNAHoGxV7jQo=\n=g0fa\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201908-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: CUPS: Multiple vulnerabilities\n Date: August 15, 2019\n Bugs: #660954\n ID: 201908-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in CUPS, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nCUPS, the Common Unix Printing System, is a full-featured print server. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-print/cups \u003c 2.2.8 \u003e= 2.2.8 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in CUPS. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-print/cups-2.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-15400\n https://nvd.nist.gov/vuln/detail/CVE-2017-15400\n[ 2 ] CVE-2018-4180\n https://nvd.nist.gov/vuln/detail/CVE-2018-4180\n[ 3 ] CVE-2018-4181\n https://nvd.nist.gov/vuln/detail/CVE-2018-4181\n[ 4 ] CVE-2018-4182\n https://nvd.nist.gov/vuln/detail/CVE-2018-4182\n[ 5 ] CVE-2018-4183\n https://nvd.nist.gov/vuln/detail/CVE-2018-4183\n[ 6 ] CVE-2018-6553\n https://nvd.nist.gov/vuln/detail/CVE-2018-6553\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201908-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "VULHUB",
"id": "VHN-134213"
},
{
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"db": "PACKETSTORM",
"id": "148503"
},
{
"db": "PACKETSTORM",
"id": "154076"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4182",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU98864649",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "154076",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-134213",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-4182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148503",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134213"
},
{
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "PACKETSTORM",
"id": "148503"
},
{
"db": "PACKETSTORM",
"id": "154076"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"id": "VAR-201901-1019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134213"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:14:18.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT208849",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208849"
},
{
"title": "HT208849",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208849"
},
{
"title": "Apple macOS High Sierra CUPS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88559"
},
{
"title": "Debian CVElist Bug Report Logs: cups: CVE-2018-6553",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6c21552f0cd7f35a80acbcf87758caaf"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-285",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201908-08"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208849"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2018/dsa-4243"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/security/cve/cve-2018-4182"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4182"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4182"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98864649/index.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154076/gentoo-linux-security-advisory-201908-08.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6553"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4180"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4181"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15400"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903605"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/cups"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134213"
},
{
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "PACKETSTORM",
"id": "148503"
},
{
"db": "PACKETSTORM",
"id": "154076"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134213"
},
{
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"db": "PACKETSTORM",
"id": "148503"
},
{
"db": "PACKETSTORM",
"id": "154076"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-134213"
},
{
"date": "2019-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"date": "2019-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"date": "2018-07-11T15:36:35",
"db": "PACKETSTORM",
"id": "148503"
},
{
"date": "2019-08-15T20:22:49",
"db": "PACKETSTORM",
"id": "154076"
},
{
"date": "2019-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"date": "2019-01-11T18:29:01.127000",
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134213"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4182"
},
{
"date": "2019-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013601"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-395"
},
{
"date": "2024-11-21T04:06:55.307000",
"db": "NVD",
"id": "CVE-2018-4182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS High Sierra Access vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013601"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-395"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…