cve-2012-3520
Vulnerability from cvelistv5
Published
2012-10-03 10:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1" }, { "name": "55152", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55152" }, { "name": "openSUSE-SU-2012:1330", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-1599-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1599-1" }, { "name": "USN-1610-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1610-1" }, { "name": "openSUSE-SU-2013:0261", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30" }, { "name": "50848", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-07T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1" }, { "name": "55152", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55152" }, { "name": "openSUSE-SU-2012:1330", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-1599-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1599-1" }, { "name": "USN-1610-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1610-1" }, { "name": "openSUSE-SU-2013:0261", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30" }, { "name": "50848", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3520", "datePublished": "2012-10-03T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2012-3520\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-10-03T11:02:57.143\",\"lastModified\":\"2023-02-13T04:34:25.303\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n Netlink en el kernel Linux antes de v3.2.30, no controla correctamente los mensajes que carecen de datos SCM_CREDENTIALS, lo que podr\u00eda permitir a usuarios locales falsificar la comunicaci\u00f3n Netlink a trav\u00e9s de un mensaje elaborado, como lo demuestra un mensaje para (1) Avahi o (2) NetworkManager.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":1.9},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.29\",\"matchCriteriaId\":\"32E36203-AE84-444F-A6F6-36A35BB485EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C37E17F7-A276-4A33-B454-751BF639EF9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6ECC079-EBD4-4E01-9CAC-A4FC84F79656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"249C1EEB-F267-44F2-B4D9-AEFA9E578FDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E575B550-E957-4F68-A9FA-3EF4022028A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"256328E7-3F4E-49A3-9F66-6DAC1F7BE941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E3CFEB-CF89-4697-9D3C-C1D41F5B803B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38F7C571-2713-402F-82CD-66B5C8A50319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D582D69B-65A9-4906-9FF3-1EC7AD2AF927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4E4BAD-E286-4F24-A786-B3DC281537B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"293E5303-3BC2-4A01-99EE-F519E17F2CF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.3.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D6DAAF-6D2C-4D33-9109-BC112170762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.33.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934CBC22-864C-468F-B267-3CDE4449DA9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C2658CA-56C2-494F-AC42-618EC413CBDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18EC0A7-8616-4039-B98B-E1216E035B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.33.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B04F515-29A7-4D6A-AFC5-3A115F8A5918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.33.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C069C17-8314-49BA-9CF5-E5F086F49381\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3220B70-917F-4F9F-8A3B-2BF581281E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99372D07-C06A-41FA-9843-6D57F99AB5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B9DC110-D260-4DB4-B8B0-EF1D160ADA07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6192FE84-4D53-40D4-AF61-78CE7136141A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"42FEF3CF-1302-45EB-89CC-3786FE4BAC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE6A6B58-2C89-4DE4-BA57-78100818095C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D467F87-2F13-4D26-9A93-E0BA526FEA24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE348F7B-02DE-47D5-8011-F83DA9426021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E91594EA-F0A3-41B3-A9C6-F7864FC2F229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E1ECCDB-0208-48F6-B44F-16CC0ECE3503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA8B5DE-372E-47E0-A0F6-BE286D509CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19D69A49-5290-4C5F-8157-719AD58D253D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"290BD969-42E7-47B0-B21B-06DE4865432C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"018434C9-E75F-45CB-A169-DAB4B1D864D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C123C844-F6D7-471E-A62E-F756042FB1CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A11C38BB-7FA2-49B0-AAC9-83DB387A06DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61F3733C-E5F6-4855-B471-DF3FB823613B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DDCA75F-9A06-4457-9A45-38A38E7F7086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEA837E-7864-4003-8DB7-111ED710A7E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6FE471F-2D1F-4A1D-A197-7E46B75787E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6B8DB3-B05B-41A2-B091-342D66AAE8F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"958F0FF8-33EF-4A71-A0BD-572C85211DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA39F48-B02F-4C48-B304-DA9CCA055244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FF841F3-48A7-41D7-9C45-A8170435A5EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF506916-A6DC-4B1E-90E5-959492AF55F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F571CC8B-B212-4553-B463-1DB01D616E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84E3E151-D437-48ED-A529-731EEFF88567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"877002ED-8097-4BB4-BB88-6FC6306C38B2\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/50848\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/22/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/55152\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1599-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1610-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=850449\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.