Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-3717 (GCVE-0-2015-3717)
Vulnerability from cvelistv5 – Published: 2015-07-03 01:00 – Updated: 2024-08-06 05:56
VLAI?
EPSS
Summary
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:15.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "1032760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "75491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "1032760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75491"
},
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-3717",
"datePublished": "2015-07-03T01:00:00.000Z",
"dateReserved": "2015-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:56:15.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.8.9\", \"matchCriteriaId\": \"CD392CB9-FD3B-4021-B31A-77157B107A07\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.10.4\", \"matchCriteriaId\": \"774F1A5C-2633-4A8F-8462-B53FE0291F04\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.4\", \"matchCriteriaId\": \"825878C4-F06B-4F99-BF47-B2CEC57BC070\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) a trav\\u00e9s de vectores no especificados.\"}]",
"id": "CVE-2015-3717",
"lastModified": "2024-11-21T02:29:42.537",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-07-03T02:00:08.993",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT204941\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT204942\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/75491\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032760\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT204941\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT204942\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/75491\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3717\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-07-03T02:00:08.993\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.8.9\",\"matchCriteriaId\":\"CD392CB9-FD3B-4021-B31A-77157B107A07\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.10.4\",\"matchCriteriaId\":\"774F1A5C-2633-4A8F-8462-B53FE0291F04\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.4\",\"matchCriteriaId\":\"825878C4-F06B-4F99-BF47-B2CEC57BC070\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT204941\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT204942\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75491\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032760\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT204941\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT204942\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
GSD-2015-3717
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3717",
"description": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.",
"id": "GSD-2015-3717",
"references": [
"https://www.suse.com/security/cve/CVE-2015-3717.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-3717"
],
"details": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.",
"id": "GSD-2015-3717",
"modified": "2023-12-13T01:20:07.666962Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75491"
},
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.10.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3717"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "75491",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75491"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032760"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2020-11-20T19:03Z",
"publishedDate": "2015-07-03T02:00Z"
}
}
}
4HZM000604
Vulnerability from csaf_abb - Published: 2026-03-26 00:30 - Updated: 2026-03-26 00:30Summary
ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (SQLite 3.2.4)
Notes
Summary: ABB is aware of public reports of vulnerabilities in a 3rd party dependency SQLite Version 3.2.4 which was delivered together with the installation package of Camera Connect Version 2.0.0.42 and below. An update is available that resolves a privately reported outdated 3rd party component with vulnerabilities in the product versions listed as affected in the advisory.
An attacker who successfully exploited any of these vulnerabilities in the 3rd party component could potentially compromise the system in different ways.
Support: For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.
Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.
Notice: The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.
ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
General security recommendations: For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:
- Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).
- Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
- Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.
- Scan all data imported into your environment before use to detect potential malware infections.
- Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.
- Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
Purpose: ABB has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.
When a potential product vulnerability is identified or reported, ABB immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.
The resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If ABB is aware of any specific threats, it will be clearly mentioned in the communication.
The publication of this Cyber Security Advisory is an example of ABB’s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.
Frequently Asked Questions: What causes the vulnerability?
- The vulnerabilities are caused by the use of SQLite version 3.2.4 in Camera Connect versions up to 2.0.0.42. The root causes vary and are presented in the CVEs in the previous section.
What is the affected product or component?
- The affected component is SQLite version 3.2.4, which is an embedded relational database engine used by Camera Connect versions up to 2.0.0.42.
What might an attacker use the vulnerability to do?
- The potential impacts vary depending on the specific CVE and each one of them are discussed in the previous sections however, it's important to note that the actual exploitability and impact are significantly reduced by Camera Connect's deployment in isolated OT networks with restricted access controls.
How could an attacker exploit the vulnerability?
- Exploitation methods vary by CVE but generally fall into these categories:
1. Database Query Manipulation (Most Common)
2. Database Schema Manipulation (Administrative Access Required)
3. Malformed Database Files
4. Extension-Specific Attacks
Exploitation Barriers in Camera Connect Deployments:
- No direct SQL query interface exposed to users
- Parameterized queries and input validation reduce injection risks
- Database administrative operations restricted to installation/upgrade processes
- Network segmentation limits attacker access to the system
- Authentication and authorization controls restrict unauthorized access
Could the vulnerability be exploited remotely?
- In properly configured Camera Connect deployments following industrial security best practices, remote exploitation is highly unlikely.
While the CVEs may reference remote exploitation, Camera Connect's architecture and typical OT deployment model make remote exploitation from outside the control network perimeter extremely difficult. The primary threat vectors are from malicious insiders or compromised systems already within the control network.
Can functional safety be affected by an exploit of this vulnerability?
- While exploitation of these vulnerabilities could degrade operational monitoring capabilities, properly designed industrial facilities maintain functional safety through independent, dedicated safety systems. Camera Connect should be considered an operational support tool rather than a safety-critical component. Organizations should ensure their safety management systems do not create dependencies on Camera Connect for safety-instrumented functions.
What does the update do?
- The update removes the vulnerability by providing a newer version of the affected component.
When this security advisory was issued, had this vulnerability been publicly disclosed?
- This vulnerability has been publicly disclosed for the 3rd party component, but not for the ABB product using this component
When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited?
- No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued.
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects the SQLite session extension (FTS3), which is an optional component:
- Component Usage: Camera Connect's implementation do not utilize the SQLite session extension functionality, rendering this vulnerability non-applicable to the actual deployment.
- Adjacent Network Attack: The CVSS vector indicates Adjacent Network access (AV:A) is required, meaning the attacker must be on the same local network segment. In OT environments, network segmentation at ISA-95 Level 2 restricts access to authorized personnel only.
- Authentication Required: Low privilege credentials (PR:L) are still required to exploit this vulnerability, providing an additional barrier in Camera Connect's access-controlled environment.
- Limited Impact: The CVSS score of 5.5 (MEDIUM) reflects limited impact to confidentiality, integrity, and avail-ability (C:L/I:L/A:L).
- Extension-Specific: The vulnerability is in the make all test handler of the session extension, which is typically not used in production deployments.
Camera Connect's restricted operational environment and limited use of optional SQLite features significantly reduce the exploitability of this vulnerability.
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
7.5 (High)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability has specific prerequisites that limit its applicability to Camera Connect:
- Resource Requirements: The vulnerability requires "billions of bytes" to be used in a string argument, representing an extreme edge case that exceeds typical operational parameters in industrial control systems.
- C API Specific: This vulnerability affects direct C API calls to SQLite. Camera Connect uses higher-level database access patterns through managed code or SQL queries, not direct low-level C API manipulation.
- Memory Constraints: Industrial systems running Camera Connect typically operate within defined memory boundaries and resource allocation limits that would prevent the allocation of multi-gigabyte strings.
- Input Validation: Application-level input validation and size restrictions in Camera Connect prevent the sub-mission of abnormally large data values.
- Practical Impossibility: In the context of Camera Connect's use case (camera connectivity and video management), there are no legitimate operational scenarios requiring billion-byte string parameters.
The extreme resource requirements and specific attack vector make this vulnerability impractical to exploit in Camera Connect's typical deployment environment.
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap over-flow because of misuse of transitive properties for constant propagation.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves specific SQL query patterns and optimization edge cases:
- Query Complexity: The vulnerability requires specific use of complex multi-select queries with ORDER BY clauses that trigger the query-flattener optimization. Camera Connect's database queries are typically straight-forward CRUD operations for camera configuration and video metadata.
- Limited Query Construction: Users of Camera Connect do not have direct SQL query construction capabilities; all database interactions occur through the application's predefined data access layer.
- Query Review: Database queries in Camera Connect are part of the application codebase and undergo development review and testing, reducing the likelihood of crafted malicious query patterns.
- Heap Overflow Protection: Modern operating systems and runtime environments include heap overflow protection mechanisms that can detect and prevent exploitation attempts.
- Operational Context: The specific query pattern required to trigger this vulnerability is unlikely to occur in Camera Connect's operational use cases related to camera management and video streaming.
The constrained database access model and typical query patterns in Camera Connect operations make this vulnerability extremely unlikely to be triggered in practice.
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects the SQLite Full-Text Search (FTS3) extension with specific conditions:
- FTS3 Extension: Camera Connect do not utilize SQLite's Full-Text Search capabilities, as the solution is primarily focused on camera connectivity, configuration, and video management rather than full-text search operations.
- Specific Function: The vulnerability requires use of the matchinfo() function, which is a specialized FTS3 query function which is not part of Camera Connect's database access patterns.
- Denial of Service Impact: This is a NULL pointer dereference leading to application crash (denial of service), not remote code execution. In an OT environment, application crashes are detected and can trigger automatic restart mechanisms.
- Access Control: Crafting the specific malicious query would require authenticated database access and knowledge of the database schema.
- Feature-Specific: The FTS3 is not enabled or compiled into the SQLite build used by Camera Connect, so this vulnerability is not present.
The specialized nature of this vulnerability and its limitation to a specific extension function that Camera Connect likely does not utilize significantly reduces the risk.
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves database schema manipulation:
- Administrative Privilege Requirement: Renaming tables requires database administrative privileges, which are not granted to normal Camera Connect users.
- Virtual Table Usage: This vulnerability specifically affects virtual tables, which are an advanced SQLite feature. Camera Connect's database schema uses standard tables for its operational data.
- Schema Stability: In industrial OT environments, database schemas are static and controlled through formal change management processes. Dynamic table creation and renaming are not typical operational activities.
- Limited Impact: Even if exploited, the impact is primarily on database integrity rather than system availability or confidentiality. Database backups and recovery procedures in industrial environments provide restoration capabilities.
- Application Logic: Camera Connect's application layer mediates all database interactions, preventing direct DDL (Data Definition Language) operations by end users.
The requirement for administrative access and the uncommon use case of dynamic schema modification in OT environments make this vulnerability low risk for Camera Connect.
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CWE-416 - Use After Free
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This is another FTS3 extension-specific vulnerability:
- FTS3 Extension Dependency: The vulnerability exists only in the FTS3 (Full-Text Search) extension. Camera Connect does not enable or use FTS3 functionality, so this vulnerability is not applicable.
- Snippet Feature: The use-after-free specifically affects the snippet feature of FTS3, which generates text snip-pets from search results - a specialized feature unlikely to be required in Camera Connect's video management operations.
- Memory Management: Modern operating systems and runtime environments include heap management protections that can detect use-after-free conditions and prevent exploitation.
- Crash vs. Exploitation: While use-after-free vulnerabilities can potentially lead to code execution, successful exploitation requires precise memory manipulation. The more likely outcome is application crash (denial of service).
- Function-Specific: The vulnerability is in fts3EvalNextRow, a specific internal function that would only be triggered through specialized FTS3 queries.
Camera Connect's non-existent use of advanced FTS3 features significantly reduces exposure to this vulnerability.
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability results in a segmentation fault (application crash):
- Denial of Service Impact: A segmentation fault leads to application crash, representing a denial of service rather than data breach or code execution. In industrial environments, application monitoring and automatic re-start mechanisms can quickly restore service.
- Query Complexity: The vulnerability requires specific expression patterns in SQL queries. Camera Connect's predefined query templates and parameterized queries reduce the likelihood of triggering this condition.
- High Availability Design: OT solutions typically incorporate redundancy and failover mechanisms to maintain operational continuity in the event of application failures.
- Limited Window: In a segmentation fault scenario, the application terminates immediately, limiting any potential data exposure compared to vulnerabilities that allow sustained unauthorized access.
- Operational Monitoring: Industrial control systems maintain operational monitoring that alerts operators to application failures, enabling rapid response.
While denial of service is undesirable in OT environments, the impact is significantly less severe than vulnerabilities allowing unauthorized access or data manipulation.
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects SQLite's internal printf functionality:
- Internal Function: The vulnerability is in sqlite3_str_vappendf, an internal string formatting function. Camera Connect's use of SQLite typically occurs through higher-level database operations that don't directly expose this function.
- Integer Overflow Requirements: Triggering an integer overflow requires carefully crafted input with extreme values, which would be constrained by Camera Connect's input validation and data type definitions.
- Format String Context: The vulnerability occurs in printf-style formatting operations. Camera Connect's data-base interactions use parameterized queries and typed data binding rather than format string operations.
- Bounds Checking: Application-level data validation limits the size and format of values passed to database operations, preventing the extreme conditions necessary to trigger this overflow.
- Limited Exposure: The specific code path would need to be triggered through very specific database operations that may not occur in Camera Connect's normal operational workflow.
The internal nature of this vulnerability and Camera Connect's structured data access patterns make exploitation highly unlikely in practice.
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves database schema modification operations:
- Schema Modification: The vulnerability is in ALTER TABLE operations. In OT environments, database schemas are static and managed through controlled change management processes, not dynamic runtime modifications.
- Administrative Operation: ALTER TABLE requires elevated database privileges that are not granted to regular Camera Connect users or operational personnel.
- Compound Query Requirement: The vulnerability specifically requires a compound SELECT statement with ORDER BY clause in the context of ALTER TABLE - an unusual and non-standard SQL pattern.
- Application-Mediated Access: Camera Connect does not provide interfaces for direct SQL execution or schema modification to end users.
- Static Schema: Camera Connect's database schema is established during installation and remains stable throughout operational use, with updates only occurring during planned software upgrades.
The administrative nature of ALTER TABLE operations and the absence of dynamic schema modification in normal Cam-era Connect usage effectively eliminate this attack vector.
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
7.5 (High)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves SQL window functions:
- Window Function Usage: Window functions (e.g., ROW_NUMBER(), RANK(), LAG()) are advanced SQL features primarily used in analytical queries. Camera Connect's operational database queries typically use simpler CRUD operations and aggregations.
- Denial of Service Only: The impact is a segmentation fault causing application crash, not data breach or code execution. In industrial environments, service interruption is managed through monitoring and automatic restart capabilities.
- Query Complexity: Crafting a malformed window function query requires knowledge of the database schema and specific query construction - not accessible through Camera Connect's standard user interfaces.
- Controlled Environment: In ISA-95 Level 2 deployments, any application crashes are immediately visible to operators and can be investigated through system logs and monitoring.
- Feature Utilization: Camera Connect's queries do not utilize window functions, so this attack vector is not present in the application.
The specialized nature of window functions and the controlled operational environment limit the practical impact of this vulnerability.
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves SQLite's PRAGMA commands and generated columns:
- PRAGMA Commands: PRAGMA commands are administrative database commands typically not accessible to end users. Camera Connect's application layer would not expose PRAGMA command execution to operators.
- Integrity Check Context: The vulnerability specifically affects the integrity_check PRAGMA, which is a database maintenance operation typically performed during development or maintenance windows, not during normal operation.
- Limited Impact: Mishandling of NOT NULL in integrity checks would primarily affect database validation results rather than causing security breaches or service disruption.
- Administrative Access Required: Execution of PRAGMA commands requires direct database access at an ad-ministrative level, which is restricted in production OT environments.
The specialized nature of this vulnerability and its limitation to administrative database maintenance operations make it non-applicable to Camera Connect's normal operational use.
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
5.5 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves database views and schema modification:
- View Usage: This vulnerability requires self-referential database views, which are advanced database con-structs. Camera Connect's database schema uses standard tables and simple views without self-referential patterns.
- ALTER TABLE Requirement: Triggering the vulnerability requires ALTER TABLE operations, which are administrative schema modification commands not available to normal users.
- Infinite Recursion Detection: Modern operating systems and runtime environments typically include stack overflow protection and recursion detection that can terminate runaway processes.
- Schema Design: Self-referential views represent poor database design practices that would be identified and corrected during development review.
- Static Schema: Camera Connect's database schema is static and managed through formal change control, pre-venting the introduction of problematic self-referential view patterns.
The requirement for both specialized view design and administrative schema modification makes this vulnerability in-applicable to Camera Connect's operational environment.
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer over-flow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
8.1 (High)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects the FTS3 extension with specific attack requirements:
- FTS3 Extension: Camera Connect do not utilize the Full-Text Search extension, making this vulnerability non-applicable.
- Shadow Table Manipulation: The vulnerability requires crafted changes to FTS3 "shadow tables" (internal tables supporting FTS3 indexes). These shadow tables are not exposed through normal database operations and require direct low-level database access.
- Multi-Step Attack: Exploitation requires multiple steps: enable FTS3, manipulate shadow tables, and then trig-ger a merge operation - each requiring specific database access and knowledge.
- ISA-95 Level 2 Deployment: The "remote attackers" scenario is mitigated by network segmentation. Camera Connect operates in isolated control networks without direct internet exposure.
The combination of FTS3-specific requirements, shadow table manipulation, and network isolation makes this vulnerability low risk for Camera Connect deployments.
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
7.5 (High)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability is classified as CWE-89 (SQL Injection) in NVD, but exploitation still requires SQL execution paths that are not exposed in normal Camera Connect operation:
- Database Schema Validation: Camera Connect's database schema is established during installation and vali-dated through testing. A malformed PRIMARY KEY would be detected during development and corrected be-fore deployment.
- DDL Access: Creating or modifying PRIMARY KEY constraints requires database administrative privileges and DDL (Data Definition Language) access, which is not available to normal Camera Connect users.
- SQL Injection Controls: Camera Connect uses parameterized queries and controlled query templates, which significantly reduce the likelihood of user-controlled SQL construction required for SQL injection exploitation.
- Denial of Service Impact: The vulnerability leads to application crash rather than data breach or code execution. Industrial environments include application monitoring and automatic restart capabilities to maintain service availability.
- Static Schema: Camera Connect's database schema remains static throughout operational use, with PRIMARY KEY definitions established and validated during initial installation.
The combination of SQL injection controls, restricted DDL access, and static schema management makes this vulnerability low risk in properly deployed Camera Connect systems.
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer over-flow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
8.1 (High)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This is the "Magellan" vulnerability, related to CVE-2018-20506:
- FTS3 Extension: The vulnerability only affects installations where the FTS3 (Full-Text Search) extension is enabled. Camera Connect do not require or enable this extension.
- Shadow Table Manipulation: Exploitation requires direct manipulation of FTS3 shadow tables, which are in-ternal implementation details not exposed through standard SQL interfaces.
- Arbitrary SQL Execution: The attack requires the "ability to run arbitrary SQL statements." Camera Connect uses parameterized queries and does not provide SQL injection points or direct SQL execution capabilities to users.
- OT Network Isolation: The "remote attackers" threat model is mitigated by ISA-95 Level 2 network segmentation, which isolates the control network from external access.
- Multi-Stage Attack: Successful exploitation requires multiple prerequisites: FTS3 enabled, ability to modify shadow tables, and ability to execute queries - each representing a significant barrier.
The specialized attack requirements and Camera Connect's deployment architecture make this high-profile vulnerability low risk in practice.
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
7.5 (High)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves database schema corruption:
- Schema Corruption: The vulnerability requires a corrupted database schema created via a CREATE TABLE AS statement. Camera Connect's database schema is established through controlled installation processes with validation and integrity checks.
- DDL Access: CREATE TABLE statements require database administrative privileges, which are not available to normal Camera Connect users or operators.
- NULL Pointer Dereference: The impact is a NULL pointer dereference causing application crash (denial of service), not data breach or code execution.
- Database Integrity: Modern database deployments include integrity checking mechanisms that can detect corrupted schemas. Camera Connect likely includes database validation during startup.
- Backup and Recovery: Industrial OT environments maintain database backups and recovery procedures that can restore a clean database schema if corruption is detected.
The requirement for database administrative access and the protective mechanisms around database schema integrity make this vulnerability low priority for Camera Connect deployments.
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects SQLite's R Tree extension:
- R Tree Extension: This vulnerability is specific to the RTree (R-Tree spatial index) extension of SQLite. Camera Connect do not utilize spatial indexing capabilities, making this extension inactive.
- Crafted Database Requirement: The vulnerability requires a specially crafted database with malformed RTree blobs. Camera Connect's database is generated and maintained by the application itself, not loaded from ex-ternal sources.
- Spatial Data: RTree indexes are used for spatial data queries (geographic/geometric data). Camera Connect's use case involves camera management and video streaming, which typically does not require spatial indexing.
- Limited Exposure: The vulnerability requires both the RTree extension to be enabled and specific malformed data structures within the database.
- Database Source Control: In OT environments, databases come from trusted sources and are protected by integrity checking mechanisms.
Camera Connect does not use the RTree extension, so this vulnerability is not applicable. Even if the extension is pre-sent, the controlled database environment significantly reduces risk.
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other im-pact by leveraging use of the current working directory for temporary files.
5.9 (Medium)
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects temporary file handling on Unix-based systems:
- Windows Deployment: Camera Connect is primarily deployed on Windows operating systems in industrial environments (note: the vulnerability description specifically references os_unix.c). Windows-based deployments are not affected by this Unix-specific implementation issue.
- Local Access Required: The CVE describes "local users" as the threat actors, requiring authenticated local sys-tem access. In OT environments, local system access is restricted to authorized administrators.
- Temporary File Usage: The vulnerability relates to temporary file creation. Modern SQLite versions and Camera Connect's configuration may specify explicit temporary directory locations rather than relying on the de-fault search algorithm.
- File System Permissions: Windows operating systems used in industrial environments typically implement proper file system permissions and user access controls.
- Sensitive Information Exposure: Any sensitive information in temporary files would be limited to transient database operations and would not include long-term sensitive data.
The Unix-specific nature of this vulnerability and Camera Connect's typical deployment on Windows systems significantly reduces applicability.
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability is specific to Android environments:
- Platform-Specific: This CVE specifically affects Android operating systems (before version 5.1.1 LMY48T). Camera Connect is a Windows-based application for industrial environments, not an Android mobile application.
- Different Attack Surface: The vulnerability involves Android's application sandbox and privilege model, which is fundamentally different from Windows desktop application security.
- Application Context: As noted in the CVE description, it's "internal bug 20099586" - an Android-specific internal vulnerability in how Android handled SQLite.
- Non-Applicable Platform: Since Camera Connect operates on Windows systems in OT environments rather than Android mobile devices, this CVE does not apply to Camera Connect deployments.
This CVE is effectively not relevant to Camera Connect due to platform incompatibility.
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This CVE has limited public information:
- Platform-Specific Context: these vulnerabilities were identified and fixed in the context of mobile iOS devices. Camera Connect operates on Windows platforms in industrial environments.
- Unspecified Details: The CVE notes "unspecified vulnerabilities" with "unknown impact and attack vectors," suggesting these may be vendor-specific issues in Apple's SQLite implementation or integration rather than core SQLite vulnerabilities.
- Mobile vs. Desktop: iOS and desktop Windows environments have fundamentally different security models, application sandboxing, and attack surfaces.
- Apple-Specific Fixes: These vulnerabilities were addressed in iOS 9 through Apple-specific patches, which may have included iOS-specific security hardening rather than core SQLite fixes.
- Limited Applicability: Without specific attack vector information, and given the iOS-specific context, there is insufficient evidence that these vulnerabilities affect Camera Connect on Windows platforms.
The mobile platform-specific nature and lack of detailed vulnerability information make risk assessment and mitigation difficult, but the platform differences suggest limited applicability.
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability affects printf functionality in Apple platforms:
- Apple Platform Context: The CVE specifically references Apple iOS and OS X implementations. Camera Connect runs on Windows operating systems, which may have different SQLite implementations and security controls.
- Printf Functionality: The vulnerability is in printf functionality, which is internal string formatting. Camera Connect uses parameterized database queries and typed data operations, limiting exposure to format string vulnerabilities.
- Remote Attackers: The CVE mentions "remote attackers," but Camera Connect operates in isolated ISA-95 Level 2 networks with no direct remote access from the internet.
- Apple-Specific Fixes: The vulnerability was addressed through Apple platform-specific security updates, which may have included platform-specific protections not present in or needed for Windows deployments.
- String Handling: Modern development practices in Camera Connect likely use safe string handling APIs and input validation that reduce exposure to buffer overflow conditions.
The Apple platform-specific nature of this CVE and Camera Connect's Windows deployment environment suggest limited cross-platform applicability.
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer over-flow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves printf-style formatting in SQL SELECT statements:
- Query Control: The vulnerability requires crafting specific printf function calls with very large integer precision/width values within SELECT statements. Camera Connect's SQL queries are generated by the application code, not provided directly by untrusted users.
- Input Validation: Any user inputs that influence query parameters undergo validation and sanitization before being incorporated into SQL statements, limiting the ability to inject malicious printf patterns.
- Parameterized Queries: Camera Connect uses parameterized queries and prepared statements where possible, reducing exposure to SQL injection vectors that could be used to introduce malicious printf calls.
- Limited printf Usage: The vulnerability specifically affects printf-style formatting functions in SQLite. Camera Connect's typical query patterns do not extensively use printf-style formatting operations.
- Stack Overflow Detection: Modern compiler protections (stack canaries, ASLR) and operating system safe-guards provide additional defense-in-depth against stack-based buffer overflow exploitation.
The controlled nature of SQL query generation in Camera Connect, combined with input validation and parameterized query usage, significantly reduces the practical exploitability of this vulnerability in production deployments.
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CWE-404 - Improper Resource Shutdown or Release
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
This vulnerability involves malformed CHECK constraints that can trigger improper resource release behavior (CWE-404):
- CHECK Constraint: The vulnerability requires a malformed CHECK constraint in a CREATE TABLE statement, such as CHECK(0&O>O). CHECK constraints are part of database schema definition, not runtime queries.
- DDL Access Required: Creating or modifying tables with CHECK constraints requires database administrative privileges and DDL access, which is not available to normal Camera Connect users.
- Schema Validation: Camera Connect's database schema is established during installation and undergoes vali-dation testing. Malformed CHECK constraints would be identified and corrected during development.
- Static Schema: Camera Connect uses a predefined database schema that is not dynamically generated or modified during normal operation. New table creation does not occur during runtime.
- Development Detection: The specific CHECK constraint pattern (bitwise operation in comparison) is clearly malformed and would be detected by code review and database testing procedures.
- DoS Containment: Even if triggered, impact is typically process-level instability (invalid free/crash). OT deployments mitigate this with service monitoring, restart policies, and incident response procedures.
The requirement for schema-level modification access and the static nature of Camera Connect's database design effectively eliminate this vulnerability in deployed systems.
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
CWE-197 - Numeric Truncation Error
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
Camera Connect is deployed as an OT solution typically operating in ISA-95 Level 2 (control/supervisory level) environments. This deployment architecture provides inherent risk mitigation:
- Network Segmentation: The solution operates within isolated industrial control networks, separated from IT networks and the internet by firewalls and demilitarized zones (DMZs).
- Access Control: Access to the Camera Connect system is restricted to authorized plant operators and maintenance personnel through role-based access controls and authentication mechanisms.
- Limited Attack Surface: The CVSS v4.0 vector indicates Network attack vector (AV:N), High attack complexity (AC:H), and requires Low privileges (PR:L), significantly reducing the likelihood of exploitation in a controlled OT environment.
- Physical Security: Level 2 systems are typically located in secure facilities with physical access controls.
- Operational Monitoring: Industrial environments maintain operational monitoring that can detect anomalous behavior.
Given these factors, successful exploitation would require an authenticated attacker with specific knowledge of the system, positioned within the control network, making this vulnerability Low risk in properly segmented OT deployments.
An integer overflow can be triggered in SQLite's concat_ws() function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild heap buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
CWE-122 - Heap-based Buffer Overflow
Vendor Fix
The problem is corrected in the following product versions:
- ABB Ability Camera Connect 2.0.0.49.
The easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.
Mitigation
While this vulnerability has a CVSS v4.0 score of 6.9 and theoretically allows arbitrary code execution, Camera Connect's deployment model provides significant protection:
- Function-Specific Vulnerability: The vulnerability requires specific use of the concat_ws() SQL function, which is not utilized in Camera Connect's standard database operations.
- Input Validation: Camera Connect implements input validation and sanitization mechanisms that limit the ability to craft malicious SQL queries.
- Network Isolation: As an ISA-95 Level 2 OT solution, Camera Connect operates within protected industrial networks with limited external connectivity.
- Authenticated Access Required: Database operations in Camera Connect require user authentication and are performed within the context of the application's business logic rather than through direct user-supplied SQL.
- Memory Protection: Modern operating systems deployed in industrial environments typically include memory protection mechanisms (DEP, ASLR) that make heap exploitation more difficult.
The risk is further reduced by operational procedures requiring change management and validation testing before any modifications to the system configuration or database queries.
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ABB is aware of public reports of vulnerabilities in a 3rd party dependency SQLite Version 3.2.4 which was delivered together with the installation package of Camera Connect Version 2.0.0.42 and below. An update is available that resolves a privately reported outdated 3rd party component with vulnerabilities in the product versions listed as affected in the advisory.\n\nAn attacker who successfully exploited any of these vulnerabilities in the 3rd party component could potentially compromise the system in different ways.",
"title": "Summary"
},
{
"category": "other",
"text": "For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.\n\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.\n\nABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.\n\nThis document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\n\nAll rights to registrations and trademarks reside with their respective owners.\n",
"title": "Notice"
},
{
"category": "other",
"text": "For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n- Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).\n- Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n- Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n- Scan all data imported into your environment before use to detect potential malware infections.\n- Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.\n- Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
"title": "General security recommendations"
},
{
"category": "other",
"text": "ABB has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.\n\nWhen a potential product vulnerability is identified or reported, ABB immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.\n\nThe resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If ABB is aware of any specific threats, it will be clearly mentioned in the communication.\n\nThe publication of this Cyber Security Advisory is an example of ABB\u2019s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.",
"title": "Purpose"
},
{
"category": "faq",
"text": "What causes the vulnerability?\n- The vulnerabilities are caused by the use of SQLite version 3.2.4 in Camera Connect versions up to 2.0.0.42. The root causes vary and are presented in the CVEs in the previous section.\n\nWhat is the affected product or component?\n- The affected component is SQLite version 3.2.4, which is an embedded relational database engine used by Camera Connect versions up to 2.0.0.42.\n\nWhat might an attacker use the vulnerability to do?\n- The potential impacts vary depending on the specific CVE and each one of them are discussed in the previous sections however, it\u0027s important to note that the actual exploitability and impact are significantly reduced by Camera Connect\u0027s deployment in isolated OT networks with restricted access controls.\n\nHow could an attacker exploit the vulnerability?\n- Exploitation methods vary by CVE but generally fall into these categories:\n 1. Database Query Manipulation (Most Common)\n 2. Database Schema Manipulation (Administrative Access Required)\n 3. Malformed Database Files\n 4. Extension-Specific Attacks\n\n Exploitation Barriers in Camera Connect Deployments:\n - No direct SQL query interface exposed to users\n - Parameterized queries and input validation reduce injection risks\n - Database administrative operations restricted to installation/upgrade processes\n - Network segmentation limits attacker access to the system\n - Authentication and authorization controls restrict unauthorized access\n\nCould the vulnerability be exploited remotely?\n- In properly configured Camera Connect deployments following industrial security best practices, remote exploitation is highly unlikely.\n\n While the CVEs may reference remote exploitation, Camera Connect\u0027s architecture and typical OT deployment model make remote exploitation from outside the control network perimeter extremely difficult. The primary threat vectors are from malicious insiders or compromised systems already within the control network.\n\nCan functional safety be affected by an exploit of this vulnerability?\n- While exploitation of these vulnerabilities could degrade operational monitoring capabilities, properly designed industrial facilities maintain functional safety through independent, dedicated safety systems. Camera Connect should be considered an operational support tool rather than a safety-critical component. Organizations should ensure their safety management systems do not create dependencies on Camera Connect for safety-instrumented functions.\n\nWhat does the update do?\n- The update removes the vulnerability by providing a newer version of the affected component.\n\nWhen this security advisory was issued, had this vulnerability been publicly disclosed?\n- This vulnerability has been publicly disclosed for the 3rd party component, but not for the ABB product using this component\n\nWhen this security advisory was issued, had ABB received any reports that this vulnerability was being exploited?\n- No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued.\n\n",
"title": "Frequently Asked Questions"
}
],
"publisher": {
"category": "vendor",
"name": "ABB PSIRT",
"namespace": "https://www.abb.com/global/en/company/about/cybersecurity/alerts-and-notifications"
},
"references": [
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - PDF Version ",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=4HZM000604\u0026LanguageCode=en\u0026DocumentPartId=PDF\u0026Action=Launch"
},
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - CSAF Version ",
"url": "https://psirt.abb.com/csaf/2026/4hzm000604.json"
}
],
"title": "ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (SQLite 3.2.4)",
"tracking": {
"current_release_date": "2026-03-26T00:30:00.000Z",
"generator": {
"date": "2026-03-26T12:35:09.292Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.46"
}
},
"id": "4HZM000604",
"initial_release_date": "2026-03-26T00:30:00.000Z",
"revision_history": [
{
"date": "2026-03-26T00:30:00.000Z",
"legacy_version": "A",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.0.0.42",
"product": {
"name": "ABB Ability Camera Connect \u003c=2.0.0.42",
"product_id": "AV1"
}
},
{
"category": "product_version",
"name": "2.0.0.49",
"product": {
"name": "ABB Ability Camera Connect 2.0.0.49",
"product_id": "FX1"
}
}
],
"category": "product_name",
"name": "Ability Camera Connect"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-7104 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects the SQLite session extension (FTS3), which is an optional component:\n- Component Usage: Camera Connect\u0027s implementation do not utilize the SQLite session extension functionality, rendering this vulnerability non-applicable to the actual deployment.\n- Adjacent Network Attack: The CVSS vector indicates Adjacent Network access (AV:A) is required, meaning the attacker must be on the same local network segment. In OT environments, network segmentation at ISA-95 Level 2 restricts access to authorized personnel only.\n- Authentication Required: Low privilege credentials (PR:L) are still required to exploit this vulnerability, providing an additional barrier in Camera Connect\u0027s access-controlled environment.\n- Limited Impact: The CVSS score of 5.5 (MEDIUM) reflects limited impact to confidentiality, integrity, and avail-ability (C:L/I:L/A:L).\n- Extension-Specific: The vulnerability is in the make all test handler of the session extension, which is typically not used in production deployments.\n\nCamera Connect\u0027s restricted operational environment and limited use of optional SQLite features significantly reduce the exploitability of this vulnerability.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2022-35737",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "description",
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-35737 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability has specific prerequisites that limit its applicability to Camera Connect:\n- Resource Requirements: The vulnerability requires \"billions of bytes\" to be used in a string argument, representing an extreme edge case that exceeds typical operational parameters in industrial control systems.\n- C API Specific: This vulnerability affects direct C API calls to SQLite. Camera Connect uses higher-level database access patterns through managed code or SQL queries, not direct low-level C API manipulation.\n- Memory Constraints: Industrial systems running Camera Connect typically operate within defined memory boundaries and resource allocation limits that would prevent the allocation of multi-gigabyte strings.\n- Input Validation: Application-level input validation and size restrictions in Camera Connect prevent the sub-mission of abnormally large data values.\n- Practical Impossibility: In the context of Camera Connect\u0027s use case (camera connectivity and video management), there are no legitimate operational scenarios requiring billion-byte string parameters.\n\nThe extreme resource requirements and specific attack vector make this vulnerability impractical to exploit in Camera Connect\u0027s typical deployment environment.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2020-15358",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap over-flow because of misuse of transitive properties for constant propagation.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-15358 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves specific SQL query patterns and optimization edge cases:\n- Query Complexity: The vulnerability requires specific use of complex multi-select queries with ORDER BY clauses that trigger the query-flattener optimization. Camera Connect\u0027s database queries are typically straight-forward CRUD operations for camera configuration and video metadata.\n- Limited Query Construction: Users of Camera Connect do not have direct SQL query construction capabilities; all database interactions occur through the application\u0027s predefined data access layer.\n- Query Review: Database queries in Camera Connect are part of the application codebase and undergo development review and testing, reducing the likelihood of crafted malicious query patterns.\n- Heap Overflow Protection: Modern operating systems and runtime environments include heap overflow protection mechanisms that can detect and prevent exploitation attempts.\n- Operational Context: The specific query pattern required to trigger this vulnerability is unlikely to occur in Camera Connect\u0027s operational use cases related to camera management and video streaming.\n\nThe constrained database access model and typical query patterns in Camera Connect operations make this vulnerability extremely unlikely to be triggered in practice.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-13632",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13632 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects the SQLite Full-Text Search (FTS3) extension with specific conditions:\n- FTS3 Extension: Camera Connect do not utilize SQLite\u0027s Full-Text Search capabilities, as the solution is primarily focused on camera connectivity, configuration, and video management rather than full-text search operations.\n- Specific Function: The vulnerability requires use of the matchinfo() function, which is a specialized FTS3 query function which is not part of Camera Connect\u0027s database access patterns.\n- Denial of Service Impact: This is a NULL pointer dereference leading to application crash (denial of service), not remote code execution. In an OT environment, application crashes are detected and can trigger automatic restart mechanisms.\n- Access Control: Crafting the specific malicious query would require authenticated database access and knowledge of the database schema.\n- Feature-Specific: The FTS3 is not enabled or compiled into the SQLite build used by Camera Connect, so this vulnerability is not present.\n\nThe specialized nature of this vulnerability and its limitation to a specific extension function that Camera Connect likely does not utilize significantly reduces the risk.\n\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13632"
},
{
"cve": "CVE-2020-13631",
"notes": [
{
"category": "description",
"text": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13631 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves database schema manipulation:\n- Administrative Privilege Requirement: Renaming tables requires database administrative privileges, which are not granted to normal Camera Connect users.\n- Virtual Table Usage: This vulnerability specifically affects virtual tables, which are an advanced SQLite feature. Camera Connect\u0027s database schema uses standard tables for its operational data.\n- Schema Stability: In industrial OT environments, database schemas are static and controlled through formal change management processes. Dynamic table creation and renaming are not typical operational activities.\n- Limited Impact: Even if exploited, the impact is primarily on database integrity rather than system availability or confidentiality. Database backups and recovery procedures in industrial environments provide restoration capabilities.\n- Application Logic: Camera Connect\u0027s application layer mediates all database interactions, preventing direct DDL (Data Definition Language) operations by end users.\n\nThe requirement for administrative access and the uncommon use case of dynamic schema modification in OT environments make this vulnerability low risk for Camera Connect.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13631"
},
{
"cve": "CVE-2020-13630",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13630 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This is another FTS3 extension-specific vulnerability:\n- FTS3 Extension Dependency: The vulnerability exists only in the FTS3 (Full-Text Search) extension. Camera Connect does not enable or use FTS3 functionality, so this vulnerability is not applicable.\n- Snippet Feature: The use-after-free specifically affects the snippet feature of FTS3, which generates text snip-pets from search results - a specialized feature unlikely to be required in Camera Connect\u0027s video management operations.\n- Memory Management: Modern operating systems and runtime environments include heap management protections that can detect use-after-free conditions and prevent exploitation.\n- Crash vs. Exploitation: While use-after-free vulnerabilities can potentially lead to code execution, successful exploitation requires precise memory manipulation. The more likely outcome is application crash (denial of service).\n- Function-Specific: The vulnerability is in fts3EvalNextRow, a specific internal function that would only be triggered through specialized FTS3 queries.\n\nCamera Connect\u0027s non-existent use of advanced FTS3 features significantly reduces exposure to this vulnerability.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13630"
},
{
"cve": "CVE-2020-13435",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13435 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability results in a segmentation fault (application crash):\n- Denial of Service Impact: A segmentation fault leads to application crash, representing a denial of service rather than data breach or code execution. In industrial environments, application monitoring and automatic re-start mechanisms can quickly restore service.\n- Query Complexity: The vulnerability requires specific expression patterns in SQL queries. Camera Connect\u0027s predefined query templates and parameterized queries reduce the likelihood of triggering this condition.\n- High Availability Design: OT solutions typically incorporate redundancy and failover mechanisms to maintain operational continuity in the event of application failures.\n- Limited Window: In a segmentation fault scenario, the application terminates immediately, limiting any potential data exposure compared to vulnerabilities that allow sustained unauthorized access.\n- Operational Monitoring: Industrial control systems maintain operational monitoring that alerts operators to application failures, enabling rapid response.\n\nWhile denial of service is undesirable in OT environments, the impact is significantly less severe than vulnerabilities allowing unauthorized access or data manipulation.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13435"
},
{
"cve": "CVE-2020-13434",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13434 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects SQLite\u0027s internal printf functionality:\n- Internal Function: The vulnerability is in sqlite3_str_vappendf, an internal string formatting function. Camera Connect\u0027s use of SQLite typically occurs through higher-level database operations that don\u0027t directly expose this function.\n- Integer Overflow Requirements: Triggering an integer overflow requires carefully crafted input with extreme values, which would be constrained by Camera Connect\u0027s input validation and data type definitions.\n- Format String Context: The vulnerability occurs in printf-style formatting operations. Camera Connect\u0027s data-base interactions use parameterized queries and typed data binding rather than format string operations.\n- Bounds Checking: Application-level data validation limits the size and format of values passed to database operations, preventing the extreme conditions necessary to trigger this overflow.\n- Limited Exposure: The specific code path would need to be triggered through very specific database operations that may not occur in Camera Connect\u0027s normal operational workflow.\n\nThe internal nature of this vulnerability and Camera Connect\u0027s structured data access patterns make exploitation highly unlikely in practice.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-11656",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-11656 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves database schema modification operations:\n- Schema Modification: The vulnerability is in ALTER TABLE operations. In OT environments, database schemas are static and managed through controlled change management processes, not dynamic runtime modifications.\n- Administrative Operation: ALTER TABLE requires elevated database privileges that are not granted to regular Camera Connect users or operational personnel.\n- Compound Query Requirement: The vulnerability specifically requires a compound SELECT statement with ORDER BY clause in the context of ALTER TABLE - an unusual and non-standard SQL pattern.\n- Application-Mediated Access: Camera Connect does not provide interfaces for direct SQL execution or schema modification to end users.\n- Static Schema: Camera Connect\u0027s database schema is established during installation and remains stable throughout operational use, with updates only occurring during planned software upgrades.\n\nThe administrative nature of ALTER TABLE operations and the absence of dynamic schema modification in normal Cam-era Connect usage effectively eliminate this attack vector.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-11656"
},
{
"cve": "CVE-2020-11655",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\u0027s initialization is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-11655 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves SQL window functions:\n- Window Function Usage: Window functions (e.g., ROW_NUMBER(), RANK(), LAG()) are advanced SQL features primarily used in analytical queries. Camera Connect\u0027s operational database queries typically use simpler CRUD operations and aggregations.\n- Denial of Service Only: The impact is a segmentation fault causing application crash, not data breach or code execution. In industrial environments, service interruption is managed through monitoring and automatic restart capabilities.\n- Query Complexity: Crafting a malformed window function query requires knowledge of the database schema and specific query construction - not accessible through Camera Connect\u0027s standard user interfaces.\n- Controlled Environment: In ISA-95 Level 2 deployments, any application crashes are immediately visible to operators and can be investigated through system logs and monitoring.\n- Feature Utilization: Camera Connect\u0027s queries do not utilize window functions, so this attack vector is not present in the application.\n\nThe specialized nature of window functions and the controlled operational environment limit the practical impact of this vulnerability.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-11655"
},
{
"cve": "CVE-2019-19646",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-19646 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves SQLite\u0027s PRAGMA commands and generated columns:\n- PRAGMA Commands: PRAGMA commands are administrative database commands typically not accessible to end users. Camera Connect\u0027s application layer would not expose PRAGMA command execution to operators.\n- Integrity Check Context: The vulnerability specifically affects the integrity_check PRAGMA, which is a database maintenance operation typically performed during development or maintenance windows, not during normal operation.\n- Limited Impact: Mishandling of NOT NULL in integrity checks would primarily affect database validation results rather than causing security breaches or service disruption.\n- Administrative Access Required: Execution of PRAGMA commands requires direct database access at an ad-ministrative level, which is restricted in production OT environments.\n\nThe specialized nature of this vulnerability and its limitation to administrative database maintenance operations make it non-applicable to Camera Connect\u0027s normal operational use.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-19646"
},
{
"cve": "CVE-2019-19645",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-19645 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves database views and schema modification:\n- View Usage: This vulnerability requires self-referential database views, which are advanced database con-structs. Camera Connect\u0027s database schema uses standard tables and simple views without self-referential patterns.\n- ALTER TABLE Requirement: Triggering the vulnerability requires ALTER TABLE operations, which are administrative schema modification commands not available to normal users.\n- Infinite Recursion Detection: Modern operating systems and runtime environments typically include stack overflow protection and recursion detection that can terminate runaway processes.\n- Schema Design: Self-referential views represent poor database design practices that would be identified and corrected during development review.\n- Static Schema: Camera Connect\u0027s database schema is static and managed through formal change control, pre-venting the introduction of problematic self-referential view patterns.\n\nThe requirement for both specialized view design and administrative schema modification makes this vulnerability in-applicable to Camera Connect\u0027s operational environment.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-19645"
},
{
"cve": "CVE-2018-20506",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer over-flow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20506 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects the FTS3 extension with specific attack requirements:\n- FTS3 Extension: Camera Connect do not utilize the Full-Text Search extension, making this vulnerability non-applicable.\n- Shadow Table Manipulation: The vulnerability requires crafted changes to FTS3 \"shadow tables\" (internal tables supporting FTS3 indexes). These shadow tables are not exposed through normal database operations and require direct low-level database access.\n- Multi-Step Attack: Exploitation requires multiple steps: enable FTS3, manipulate shadow tables, and then trig-ger a merge operation - each requiring specific database access and knowledge.\n- ISA-95 Level 2 Deployment: The \"remote attackers\" scenario is mitigated by network segmentation. Camera Connect operates in isolated control networks without direct internet exposure.\n\nThe combination of FTS3-specific requirements, shadow table manipulation, and network isolation makes this vulnerability low risk for Camera Connect deployments.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20506"
},
{
"cve": "CVE-2018-20505",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20505 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability is classified as CWE-89 (SQL Injection) in NVD, but exploitation still requires SQL execution paths that are not exposed in normal Camera Connect operation:\n- Database Schema Validation: Camera Connect\u0027s database schema is established during installation and vali-dated through testing. A malformed PRIMARY KEY would be detected during development and corrected be-fore deployment.\n- DDL Access: Creating or modifying PRIMARY KEY constraints requires database administrative privileges and DDL (Data Definition Language) access, which is not available to normal Camera Connect users.\n- SQL Injection Controls: Camera Connect uses parameterized queries and controlled query templates, which significantly reduce the likelihood of user-controlled SQL construction required for SQL injection exploitation.\n- Denial of Service Impact: The vulnerability leads to application crash rather than data breach or code execution. Industrial environments include application monitoring and automatic restart capabilities to maintain service availability.\n- Static Schema: Camera Connect\u0027s database schema remains static throughout operational use, with PRIMARY KEY definitions established and validated during initial installation.\n\nThe combination of SQL injection controls, restricted DDL access, and static schema management makes this vulnerability low risk in properly deployed Camera Connect systems.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20505"
},
{
"cve": "CVE-2018-20346",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer over-flow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20346 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This is the \"Magellan\" vulnerability, related to CVE-2018-20506:\n- FTS3 Extension: The vulnerability only affects installations where the FTS3 (Full-Text Search) extension is enabled. Camera Connect do not require or enable this extension.\n- Shadow Table Manipulation: Exploitation requires direct manipulation of FTS3 shadow tables, which are in-ternal implementation details not exposed through standard SQL interfaces.\n- Arbitrary SQL Execution: The attack requires the \"ability to run arbitrary SQL statements.\" Camera Connect uses parameterized queries and does not provide SQL injection points or direct SQL execution capabilities to users.\n- OT Network Isolation: The \"remote attackers\" threat model is mitigated by ISA-95 Level 2 network segmentation, which isolates the control network from external access.\n- Multi-Stage Attack: Successful exploitation requires multiple prerequisites: FTS3 enabled, ability to modify shadow tables, and ability to execute queries - each representing a significant barrier.\n\nThe specialized attack requirements and Camera Connect\u0027s deployment architecture make this high-profile vulnerability low risk in practice.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20346"
},
{
"cve": "CVE-2018-8740",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-8740 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves database schema corruption:\n- Schema Corruption: The vulnerability requires a corrupted database schema created via a CREATE TABLE AS statement. Camera Connect\u0027s database schema is established through controlled installation processes with validation and integrity checks.\n- DDL Access: CREATE TABLE statements require database administrative privileges, which are not available to normal Camera Connect users or operators.\n- NULL Pointer Dereference: The impact is a NULL pointer dereference causing application crash (denial of service), not data breach or code execution.\n- Database Integrity: Modern database deployments include integrity checking mechanisms that can detect corrupted schemas. Camera Connect likely includes database validation during startup.\n- Backup and Recovery: Industrial OT environments maintain database backups and recovery procedures that can restore a clean database schema if corruption is detected.\n\nThe requirement for database administrative access and the protective mechanisms around database schema integrity make this vulnerability low priority for Camera Connect deployments.\n\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-8740"
},
{
"cve": "CVE-2017-10989",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2017-10989 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects SQLite\u0027s R Tree extension:\n- R Tree Extension: This vulnerability is specific to the RTree (R-Tree spatial index) extension of SQLite. Camera Connect do not utilize spatial indexing capabilities, making this extension inactive.\n- Crafted Database Requirement: The vulnerability requires a specially crafted database with malformed RTree blobs. Camera Connect\u0027s database is generated and maintained by the application itself, not loaded from ex-ternal sources.\n- Spatial Data: RTree indexes are used for spatial data queries (geographic/geometric data). Camera Connect\u0027s use case involves camera management and video streaming, which typically does not require spatial indexing.\n- Limited Exposure: The vulnerability requires both the RTree extension to be enabled and specific malformed data structures within the database.\n- Database Source Control: In OT environments, databases come from trusted sources and are protected by integrity checking mechanisms.\n\nCamera Connect does not use the RTree extension, so this vulnerability is not applicable. Even if the extension is pre-sent, the controlled database environment significantly reduces risk.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2017-10989"
},
{
"cve": "CVE-2016-6153",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other im-pact by leveraging use of the current working directory for temporary files.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2016-6153 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects temporary file handling on Unix-based systems:\n- Windows Deployment: Camera Connect is primarily deployed on Windows operating systems in industrial environments (note: the vulnerability description specifically references os_unix.c). Windows-based deployments are not affected by this Unix-specific implementation issue.\n- Local Access Required: The CVE describes \"local users\" as the threat actors, requiring authenticated local sys-tem access. In OT environments, local system access is restricted to authorized administrators.\n- Temporary File Usage: The vulnerability relates to temporary file creation. Modern SQLite versions and Camera Connect\u0027s configuration may specify explicit temporary directory locations rather than relying on the de-fault search algorithm.\n- File System Permissions: Windows operating systems used in industrial environments typically implement proper file system permissions and user access controls.\n- Sensitive Information Exposure: Any sensitive information in temporary files would be limited to transient database operations and would not include long-term sensitive data.\n\nThe Unix-specific nature of this vulnerability and Camera Connect\u0027s typical deployment on Windows systems significantly reduces applicability.\n",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2016-6153"
},
{
"cve": "CVE-2015-6607",
"notes": [
{
"category": "description",
"text": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-6607 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6607"
},
{
"category": "external",
"summary": "NVD CVSS v2.0 Calculator\n- CVSS v2.0 Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P\n- CVSS v2.0 Base Score : 6.8 ",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability is specific to Android environments:\n- Platform-Specific: This CVE specifically affects Android operating systems (before version 5.1.1 LMY48T). Camera Connect is a Windows-based application for industrial environments, not an Android mobile application.\n- Different Attack Surface: The vulnerability involves Android\u0027s application sandbox and privilege model, which is fundamentally different from Windows desktop application security.\n- Application Context: As noted in the CVE description, it\u0027s \"internal bug 20099586\" - an Android-specific internal vulnerability in how Android handled SQLite.\n- Non-Applicable Platform: Since Camera Connect operates on Windows systems in OT environments rather than Android mobile devices, this CVE does not apply to Camera Connect deployments.\n\nThis CVE is effectively not relevant to Camera Connect due to platform incompatibility.",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2015-6607"
},
{
"cve": "CVE-2015-5895",
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-5895 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5895"
},
{
"category": "external",
"summary": "NVD CVSS v2.0 Calculator \n- CVSS v2.0 Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C\n- CVSS v2.0 Base Score : 10 ",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This CVE has limited public information:\n- Platform-Specific Context: these vulnerabilities were identified and fixed in the context of mobile iOS devices. Camera Connect operates on Windows platforms in industrial environments.\n- Unspecified Details: The CVE notes \"unspecified vulnerabilities\" with \"unknown impact and attack vectors,\" suggesting these may be vendor-specific issues in Apple\u0027s SQLite implementation or integration rather than core SQLite vulnerabilities.\n- Mobile vs. Desktop: iOS and desktop Windows environments have fundamentally different security models, application sandboxing, and attack surfaces.\n- Apple-Specific Fixes: These vulnerabilities were addressed in iOS 9 through Apple-specific patches, which may have included iOS-specific security hardening rather than core SQLite fixes.\n- Limited Applicability: Without specific attack vector information, and given the iOS-specific context, there is insufficient evidence that these vulnerabilities affect Camera Connect on Windows platforms.\n\nThe mobile platform-specific nature and lack of detailed vulnerability information make risk assessment and mitigation difficult, but the platform differences suggest limited applicability.\n",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2015-5895"
},
{
"cve": "CVE-2015-3717",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3717 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3717"
},
{
"category": "external",
"summary": "NVD CVSS v2.0 Calculator\n- CVSS v2.0 Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P\n- CVSS v2.0 Base Score : 7.5 ",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability affects printf functionality in Apple platforms:\n- Apple Platform Context: The CVE specifically references Apple iOS and OS X implementations. Camera Connect runs on Windows operating systems, which may have different SQLite implementations and security controls.\n- Printf Functionality: The vulnerability is in printf functionality, which is internal string formatting. Camera Connect uses parameterized database queries and typed data operations, limiting exposure to format string vulnerabilities.\n- Remote Attackers: The CVE mentions \"remote attackers,\" but Camera Connect operates in isolated ISA-95 Level 2 networks with no direct remote access from the internet.\n- Apple-Specific Fixes: The vulnerability was addressed through Apple platform-specific security updates, which may have included platform-specific protections not present in or needed for Windows deployments.\n- String Handling: Modern development practices in Camera Connect likely use safe string handling APIs and input validation that reduce exposure to buffer overflow conditions.\n\nThe Apple platform-specific nature of this CVE and Camera Connect\u0027s Windows deployment environment suggest limited cross-platform applicability.\n",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2015-3717"
},
{
"cve": "CVE-2015-3416",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer over-flow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3416 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3416"
},
{
"category": "external",
"summary": "NVD CVSS v2.0 Calculator\n- CVSS v2.0 Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P\n- CVSS v2.0 Base Score : 7.5 ",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves printf-style formatting in SQL SELECT statements:\n- Query Control: The vulnerability requires crafting specific printf function calls with very large integer precision/width values within SELECT statements. Camera Connect\u0027s SQL queries are generated by the application code, not provided directly by untrusted users.\n- Input Validation: Any user inputs that influence query parameters undergo validation and sanitization before being incorporated into SQL statements, limiting the ability to inject malicious printf patterns.\n- Parameterized Queries: Camera Connect uses parameterized queries and prepared statements where possible, reducing exposure to SQL injection vectors that could be used to introduce malicious printf calls.\n- Limited printf Usage: The vulnerability specifically affects printf-style formatting functions in SQLite. Camera Connect\u0027s typical query patterns do not extensively use printf-style formatting operations.\n- Stack Overflow Detection: Modern compiler protections (stack canaries, ASLR) and operating system safe-guards provide additional defense-in-depth against stack-based buffer overflow exploitation.\n\nThe controlled nature of SQL query generation in Camera Connect, combined with input validation and parameterized query usage, significantly reduces the practical exploitability of this vulnerability in production deployments.",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2015-3416"
},
{
"cve": "CVE-2015-3415",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0\u0026O\u003eO) in a CREATE TABLE statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3415 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3415"
},
{
"category": "external",
"summary": "NVD CVSS v2.0 Calculator\n- CVSS v2.0 Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P\n- CVSS v2.0 Base Score : 7.5 ",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "This vulnerability involves malformed CHECK constraints that can trigger improper resource release behavior (CWE-404):\n- CHECK Constraint: The vulnerability requires a malformed CHECK constraint in a CREATE TABLE statement, such as CHECK(0\u0026O\u003eO). CHECK constraints are part of database schema definition, not runtime queries.\n- DDL Access Required: Creating or modifying tables with CHECK constraints requires database administrative privileges and DDL access, which is not available to normal Camera Connect users.\n- Schema Validation: Camera Connect\u0027s database schema is established during installation and undergoes vali-dation testing. Malformed CHECK constraints would be identified and corrected during development.\n- Static Schema: Camera Connect uses a predefined database schema that is not dynamically generated or modified during normal operation. New table creation does not occur during runtime.\n- Development Detection: The specific CHECK constraint pattern (bitwise operation in comparison) is clearly malformed and would be detected by code review and database testing procedures.\n- DoS Containment: Even if triggered, impact is typically process-level instability (invalid free/crash). OT deployments mitigate this with service monitoring, restart policies, and incident response procedures.\n\nThe requirement for schema-level modification access and the static nature of Camera Connect\u0027s database design effectively eliminate this vulnerability in deployed systems.\n",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2015-3415"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-6965 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "FIRST CVSS v4.0 Calculator \n- CVSS v4.0 Vector : AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green\n- CVSS v4.0 Base Score : 7.2 ",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Camera Connect is deployed as an OT solution typically operating in ISA-95 Level 2 (control/supervisory level) environments. This deployment architecture provides inherent risk mitigation:\n- Network Segmentation: The solution operates within isolated industrial control networks, separated from IT networks and the internet by firewalls and demilitarized zones (DMZs).\n- Access Control: Access to the Camera Connect system is restricted to authorized plant operators and maintenance personnel through role-based access controls and authentication mechanisms.\n- Limited Attack Surface: The CVSS v4.0 vector indicates Network attack vector (AV:N), High attack complexity (AC:H), and requires Low privileges (PR:L), significantly reducing the likelihood of exploitation in a controlled OT environment.\n- Physical Security: Level 2 systems are typically located in secure facilities with physical access controls.\n- Operational Monitoring: Industrial environments maintain operational monitoring that can detect anomalous behavior.\n\nGiven these factors, successful exploitation would require an authenticated attacker with specific knowledge of the system, positioned within the control network, making this vulnerability Low risk in properly segmented OT deployments.\n",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-3277",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "An integer overflow can be triggered in SQLite\u0027s concat_ws() function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild heap buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-3277 ",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3277"
},
{
"category": "external",
"summary": "FIRST CVSS v4.0 Calculator\n- CVSS v4.0 Vector : AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\n- CVSS v4.0 Base Score : 6.9 ",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n- ABB Ability Camera Connect 2.0.0.49.\nThe easiest path to mitigate the problem is an update of ABB Ability Camera Connect system by the customer. ABB recommends that customers apply the update at earliest convenience.\n",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "While this vulnerability has a CVSS v4.0 score of 6.9 and theoretically allows arbitrary code execution, Camera Connect\u0027s deployment model provides significant protection:\n- Function-Specific Vulnerability: The vulnerability requires specific use of the concat_ws() SQL function, which is not utilized in Camera Connect\u0027s standard database operations.\n- Input Validation: Camera Connect implements input validation and sanitization mechanisms that limit the ability to craft malicious SQL queries.\n- Network Isolation: As an ISA-95 Level 2 OT solution, Camera Connect operates within protected industrial networks with limited external connectivity.\n- Authenticated Access Required: Database operations in Camera Connect require user authentication and are performed within the context of the application\u0027s business logic rather than through direct user-supplied SQL.\n- Memory Protection: Modern operating systems deployed in industrial environments typically include memory protection mechanisms (DEP, ASLR) that make heap exploitation more difficult.\n\nThe risk is further reduced by operational procedures requiring change management and validation testing before any modifications to the system configuration or database queries.",
"product_ids": [
"AV1"
]
}
],
"title": "CVE-2025-3277"
}
]
}
Summary
B&R Automation Studio Update of SQLite version
Notes
Summary: ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component.
Although no successful exploitation was observed during testing of the affected B&R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution.
Support: For additional instructions and support please contact your local B&R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/.
Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.
Notice: The information in this document is subject to change without notice, and should not be construed as a commitment by B&R.
B&R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B&R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B&R or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from B&R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
General security recommendations: For any installation of software related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:
– Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general purpose network (e.g. office or home networks).
– Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
– Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.
– Scan all data imported into your environment before use to detect potential malware infections.
– Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.
– Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.
– When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
More information on recommended practices can be found in the following documents:
Defense in Depth for B&R products - https://www.br-automation.com/fileadmin/Cyber_Security_-_Defense_in_Depth_for_BR_Products-bdd37e82.pdf
Purpose: B&R has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.
When a potential product vulnerability is identified or reported, B&R immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.
The resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If B&R is aware of any specific threats, it will be clearly mentioned in the communication.
The publication of this Cyber Security Advisory is an example of B&R’s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
An integer overflow vulnerability exists in SQLite's concat_ws() function that can lead to a massive heap buffer overflow. When triggered, the integer overflow results in a truncated size value being used for buffer allocation, while the original untruncated size is used for writing the resulting string, causing a heap buffer overflow of approximately 4GB.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow.
CWE-122 - Heap-based Buffer Overflow
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
CWE-787 - Out-of-bounds Write
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.
CWE-476 - NULL Pointer Dereference
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CWE-286 - Incorrect User Management
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CWE-416 - Use After Free
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CWE-476 - NULL Pointer Dereference
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CWE-416 - Use After Free
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CWE-674 - Uncontrolled Recursion
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allow-ing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
CWE-20 - Improper Input Validation
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
CWE-476 - NULL Pointer Dereference
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mis-handles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly un-specified other impact.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.
CWE-20 - Improper Input Validation
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
CWE-286 - Incorrect User Management
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown im-pact and attack vectors.
9.8 (Critical)
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via un-specified vectors.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
The problem is corrected in the following product versions:
B&R Automation Studio 6.5
B&R recommends that customers apply the update at earliest convenience.
The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
Mitigation
Refer to section “General security recommendations” for advice on how to keep your system secure.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component.\n\nAlthough no successful exploitation was observed during testing of the affected B\u0026R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution.\n",
"title": "Summary"
},
{
"category": "other",
"text": "For additional instructions and support please contact your local B\u0026R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/.\n\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.\n\n",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice, and should not be construed as a commitment by B\u0026R.\n\nB\u0026R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B\u0026R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B\u0026R or its suppliers have been advised of the possibility of such damages.\n\nThis document and parts hereof must not be reproduced or copied without written permission from B\u0026R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\n\nAll rights to registrations and trademarks reside with their respective owners.",
"title": "Notice"
},
{
"category": "other",
"text": "For any installation of software related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n\n\u2013 Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general purpose network (e.g. office or home networks).\n\n\u2013 Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n\n\u2013 Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n\n\u2013 Scan all data imported into your environment before use to detect potential malware infections.\n\n\u2013 Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such.\n\n\u2013 Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n\n\u2013 When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\n\nMore information on recommended practices can be found in the following documents:\n\nDefense in Depth for B\u0026R products - https://www.br-automation.com/fileadmin/Cyber_Security_-_Defense_in_Depth_for_BR_Products-bdd37e82.pdf\n",
"title": "General security recommendations"
},
{
"category": "other",
"text": "B\u0026R has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.\n\nWhen a potential product vulnerability is identified or reported, B\u0026R immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.\n\nThe resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If B\u0026R is aware of any specific threats, it will be clearly mentioned in the communication.\n\nThe publication of this Cyber Security Advisory is an example of B\u0026R\u2019s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.",
"title": "Purpose"
}
],
"publisher": {
"category": "vendor",
"name": "ABB PSIRT",
"namespace": "https://www.abb.com/global/en/company/about/cybersecurity/alerts-and-notifications"
},
"references": [
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - PDF Version ",
"url": "https://www.br-automation.com/fileadmin/SA25P007-097a386d.pdf"
},
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - CSAF Version ",
"url": "https://psirt.abb.com/csaf/2026/sa25p007.json"
}
],
"title": "B\u0026R Automation Studio Update of SQLite version",
"tracking": {
"current_release_date": "2026-02-18T00:30:00.000Z",
"generator": {
"date": "2026-02-18T11:44:03.289Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.43"
}
},
"id": "SA25P007",
"initial_release_date": "2026-02-18T00:30:00.000Z",
"revision_history": [
{
"date": "2026-02-18T00:30:00.000Z",
"legacy_version": "A",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.5",
"product": {
"name": "ABB B\u0026R Automation Studio \u003c6.5",
"product_id": "AV1"
}
},
{
"category": "product_version",
"name": "6.5",
"product": {
"name": "ABB B\u0026R Automation Studio 6.5",
"product_id": "FX1"
}
}
],
"category": "product_name",
"name": "B\u0026R Automation Studio"
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-3277",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability exists in SQLite\u0027s concat_ws() function that can lead to a massive heap buffer overflow. When triggered, the integer overflow results in a truncated size value being used for buffer allocation, while the original untruncated size is used for writing the resulting string, causing a heap buffer overflow of approximately 4GB.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2025-3277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2025-3277"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2023-7104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2022-35737",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2022-35737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2020-15358",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-15358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-13632",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13632"
},
{
"cve": "CVE-2020-13631",
"cwe": {
"id": "CWE-286",
"name": "Incorrect User Management"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13631"
},
{
"cve": "CVE-2020-13630",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13630"
},
{
"cve": "CVE-2020-13435",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13435"
},
{
"cve": "CVE-2020-13434",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-13434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-11656",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-11656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-11656"
},
{
"cve": "CVE-2020-11655",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\u0027s initialization is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2020-11655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2020-11655"
},
{
"cve": "CVE-2019-19646",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-19646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-19646"
},
{
"cve": "CVE-2019-19645",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-19645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-19645"
},
{
"cve": "CVE-2019-8457",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2019-8457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2019-8457"
},
{
"cve": "CVE-2018-20506",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allow-ing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20506"
},
{
"cve": "CVE-2018-20505",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20505",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20505"
},
{
"cve": "CVE-2018-20346",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-20346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-20346"
},
{
"cve": "CVE-2018-8740",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2018-8740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2018-8740"
},
{
"cve": "CVE-2017-10989",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mis-handles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly un-specified other impact.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2017-10989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2017-10989"
},
{
"cve": "CVE-2016-6153",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2016-6153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2016-6153"
},
{
"cve": "CVE-2015-6607",
"cwe": {
"id": "CWE-286",
"name": "Incorrect User Management"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-6607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6607"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.4,
"environmentalSeverity": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.4,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-6607"
},
{
"cve": "CVE-2015-5895",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown im-pact and attack vectors.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-5895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-5895"
},
{
"cve": "CVE-2015-3717",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via un-specified vectors.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 6.7,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-3717"
},
{
"cve": "CVE-2015-3416",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"FX1"
],
"known_affected": [
"AV1"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2015-3416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "The problem is corrected in the following product versions:\n\nB\u0026R Automation Studio 6.5\n\nB\u0026R recommends that customers apply the update at earliest convenience.\n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.",
"product_ids": [
"AV1"
]
},
{
"category": "mitigation",
"details": "Refer to section \u201cGeneral security recommendations\u201d for advice on how to keep your system secure.",
"product_ids": [
"AV1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"AV1"
]
}
],
"title": "CVE-2015-3416"
}
]
}
CERTFR-2020-AVI-645
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS NFX Series versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.4.0 | ||
| Juniper Networks | N/A | Juniper Networks Junos Space et Junos Space Security Director versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS MX series et EX9200 Series versions antérieures à 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions antérieures à 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3 | ||
| Juniper Networks | Junos OS | Junos OS SRX Series versions antérieures à 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2 | ||
| Juniper Networks | Junos OS | Junos OS MX Series versions antérieures à 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS NFX Series versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX series et EX9200 Series versions ant\u00e9rieures \u00e0 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions ant\u00e9rieures \u00e0 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS SRX Series versions ant\u00e9rieures \u00e0 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX Series versions ant\u00e9rieures \u00e0 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1661"
},
{
"name": "CVE-2020-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7450"
},
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2019-15875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15875"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2008-6592",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6592"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2020-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1657"
},
{
"name": "CVE-2020-1682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1682"
},
{
"name": "CVE-2019-5599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5599"
},
{
"name": "CVE-2013-7443",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7443"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2015-6607",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6607"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2015-5895",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5895"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2020-10188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10188"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2017-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13685"
},
{
"name": "CVE-2019-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
},
{
"name": "CVE-2008-6589",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6589"
},
{
"name": "CVE-2020-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1656"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1665",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1665"
},
{
"name": "CVE-2016-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6153"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2017-15286",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15286"
},
{
"name": "CVE-2020-1660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1660"
},
{
"name": "CVE-2019-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6593"
},
{
"name": "CVE-2008-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6593"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2008-6590",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6590"
},
{
"name": "CVE-2019-5610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5610"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2020-1662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1662"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-645",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11055 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11055\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11050 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11050\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11079 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11079\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11053 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11053\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11059 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11059\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11049 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11049\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11046 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11046\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11048 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11048\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11057 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11057\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11054 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11054\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11062 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11062\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11056 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11056\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11045 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11045\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11058 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11058\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11047 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11047\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2015-AVI-272
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003e\u003c/p\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3687",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3687"
},
{
"name": "CVE-2015-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3658"
},
{
"name": "CVE-2015-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3686"
},
{
"name": "CVE-2013-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
},
{
"name": "CVE-2015-1156",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1156"
},
{
"name": "CVE-2015-3685",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3685"
},
{
"name": "CVE-2014-8130",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8130"
},
{
"name": "CVE-2015-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3690"
},
{
"name": "CVE-2014-8129",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8129"
},
{
"name": "CVE-2015-3724",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3724"
},
{
"name": "CVE-2015-3725",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3725"
},
{
"name": "CVE-2015-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1152"
},
{
"name": "CVE-2015-3689",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3689"
},
{
"name": "CVE-2015-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3710"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2015-3694",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3694"
},
{
"name": "CVE-2014-8128",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8128"
},
{
"name": "CVE-2015-3719",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3719"
},
{
"name": "CVE-2015-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1153"
},
{
"name": "CVE-2015-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3721"
},
{
"name": "CVE-2015-3684",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3684"
},
{
"name": "CVE-2015-3723",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3723"
},
{
"name": "CVE-2015-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3659"
},
{
"name": "CVE-2015-3688",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3688"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2015-3722",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3722"
},
{
"name": "CVE-2015-1155",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1155"
},
{
"name": "CVE-2015-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1157"
},
{
"name": "CVE-2015-3726",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3726"
},
{
"name": "CVE-2014-8127",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8127"
},
{
"name": "CVE-2015-3703",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3703"
},
{
"name": "CVE-2015-3727",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3727"
},
{
"name": "CVE-2015-3728",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3728"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-272",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 30 juin 2015",
"url": "https://support.apple.com/en-us/HT204941"
}
]
}
CERTFR-2020-AVI-645
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS NFX Series versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.4.0 | ||
| Juniper Networks | N/A | Juniper Networks Junos Space et Junos Space Security Director versions antérieures à 20.2R1 | ||
| Juniper Networks | Junos OS | Junos OS MX series et EX9200 Series versions antérieures à 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions antérieures à 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3 | ||
| Juniper Networks | Junos OS | Junos OS SRX Series versions antérieures à 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2 | ||
| Juniper Networks | Junos OS | Junos OS MX Series versions antérieures à 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS NFX Series versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.2R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX series et EX9200 Series versions ant\u00e9rieures \u00e0 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions ant\u00e9rieures \u00e0 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS SRX Series versions ant\u00e9rieures \u00e0 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS MX Series versions ant\u00e9rieures \u00e0 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1661"
},
{
"name": "CVE-2020-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7450"
},
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2019-15875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15875"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2008-6592",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6592"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2020-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1657"
},
{
"name": "CVE-2020-1682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1682"
},
{
"name": "CVE-2019-5599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5599"
},
{
"name": "CVE-2013-7443",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7443"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2015-6607",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6607"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2015-5895",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5895"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2020-10188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10188"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2017-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13685"
},
{
"name": "CVE-2019-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
},
{
"name": "CVE-2008-6589",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6589"
},
{
"name": "CVE-2020-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1656"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2020-1665",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1665"
},
{
"name": "CVE-2016-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6153"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2017-15286",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15286"
},
{
"name": "CVE-2020-1660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1660"
},
{
"name": "CVE-2019-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6593"
},
{
"name": "CVE-2008-6593",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6593"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2008-6590",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6590"
},
{
"name": "CVE-2019-5610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5610"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2020-1662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1662"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-645",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11055 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11055\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11050 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11050\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11079 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11079\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11053 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11053\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11059 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11059\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11049 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11049\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11046 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11046\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11048 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11048\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11057 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11057\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11054 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11054\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11062 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11062\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11056 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11056\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11045 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11045\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11058 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11058\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11047 du 14 octobre 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11047\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2015-AVI-273
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple OSX. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mountain Lion versions ant\u00e9rieures \u00e0 v10.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions ant\u00e9rieures \u00e0 v10.10.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Mavericks versions ant\u00e9rieures \u00e0 v10.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3687",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3687"
},
{
"name": "CVE-2015-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3686"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2015-3680",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3680"
},
{
"name": "CVE-2015-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3676"
},
{
"name": "CVE-2013-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
},
{
"name": "CVE-2015-3668",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3668"
},
{
"name": "CVE-2015-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3679"
},
{
"name": "CVE-2015-3714",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3714"
},
{
"name": "CVE-2015-3685",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3685"
},
{
"name": "CVE-2014-8130",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8130"
},
{
"name": "CVE-2015-3681",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3681"
},
{
"name": "CVE-2015-3706",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3706"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3690"
},
{
"name": "CVE-2014-8129",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8129"
},
{
"name": "CVE-2015-3682",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3682"
},
{
"name": "CVE-2015-3667",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3667"
},
{
"name": "CVE-2015-3691",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3691"
},
{
"name": "CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"name": "CVE-2015-3689",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3689"
},
{
"name": "CVE-2015-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3720"
},
{
"name": "CVE-2015-3700",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3700"
},
{
"name": "CVE-2015-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3710"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2015-3695",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3695"
},
{
"name": "CVE-2015-3708",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3708"
},
{
"name": "CVE-2015-3694",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3694"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2015-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
},
{
"name": "CVE-2014-8128",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8128"
},
{
"name": "CVE-2015-3719",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3719"
},
{
"name": "CVE-2015-3674",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3674"
},
{
"name": "CVE-2015-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1798"
},
{
"name": "CVE-2015-1799",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1799"
},
{
"name": "CVE-2015-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3721"
},
{
"name": "CVE-2015-3684",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3684"
},
{
"name": "CVE-2015-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3677"
},
{
"name": "CVE-2015-3671",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3671"
},
{
"name": "CVE-2015-3697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3697"
},
{
"name": "CVE-2015-3666",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3666"
},
{
"name": "CVE-2015-3675",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3675"
},
{
"name": "CVE-2015-3662",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3662"
},
{
"name": "CVE-2015-3688",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3688"
},
{
"name": "CVE-2015-3673",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3673"
},
{
"name": "CVE-2015-3661",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3661"
},
{
"name": "CVE-2015-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3701"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2015-3718",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3718"
},
{
"name": "CVE-2015-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
},
{
"name": "CVE-2015-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3715"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2015-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3672"
},
{
"name": "CVE-2015-3716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3716"
},
{
"name": "CVE-2015-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1157"
},
{
"name": "CVE-2015-3713",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3713"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2015-3699",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3699"
},
{
"name": "CVE-2015-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2015-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3693"
},
{
"name": "CVE-2014-8127",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8127"
},
{
"name": "CVE-2015-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3707"
},
{
"name": "CVE-2015-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3709"
},
{
"name": "CVE-2015-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3711"
},
{
"name": "CVE-2015-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3705"
},
{
"name": "CVE-2015-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3712"
},
{
"name": "CVE-2015-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
},
{
"name": "CVE-2015-3703",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3703"
},
{
"name": "CVE-2015-3696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3696"
},
{
"name": "CVE-2015-3678",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3678"
},
{
"name": "CVE-2015-3698",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3698"
},
{
"name": "CVE-2015-3663",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3663"
},
{
"name": "CVE-2015-3704",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3704"
},
{
"name": "CVE-2015-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3702"
},
{
"name": "CVE-2015-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3683"
},
{
"name": "CVE-2015-3692",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3692"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-273",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OSX\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OSX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204942 du 30 juin 2015",
"url": "https://support.apple.com/en-us/HT204942"
}
]
}
CERTFR-2015-AVI-272
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003e\u003c/p\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3687",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3687"
},
{
"name": "CVE-2015-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3658"
},
{
"name": "CVE-2015-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3686"
},
{
"name": "CVE-2013-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
},
{
"name": "CVE-2015-1156",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1156"
},
{
"name": "CVE-2015-3685",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3685"
},
{
"name": "CVE-2014-8130",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8130"
},
{
"name": "CVE-2015-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3690"
},
{
"name": "CVE-2014-8129",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8129"
},
{
"name": "CVE-2015-3724",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3724"
},
{
"name": "CVE-2015-3725",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3725"
},
{
"name": "CVE-2015-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1152"
},
{
"name": "CVE-2015-3689",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3689"
},
{
"name": "CVE-2015-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3710"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2015-3694",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3694"
},
{
"name": "CVE-2014-8128",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8128"
},
{
"name": "CVE-2015-3719",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3719"
},
{
"name": "CVE-2015-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1153"
},
{
"name": "CVE-2015-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3721"
},
{
"name": "CVE-2015-3684",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3684"
},
{
"name": "CVE-2015-3723",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3723"
},
{
"name": "CVE-2015-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3659"
},
{
"name": "CVE-2015-3688",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3688"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2015-3722",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3722"
},
{
"name": "CVE-2015-1155",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1155"
},
{
"name": "CVE-2015-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1157"
},
{
"name": "CVE-2015-3726",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3726"
},
{
"name": "CVE-2014-8127",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8127"
},
{
"name": "CVE-2015-3703",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3703"
},
{
"name": "CVE-2015-3727",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3727"
},
{
"name": "CVE-2015-3728",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3728"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-272",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 30 juin 2015",
"url": "https://support.apple.com/en-us/HT204941"
}
]
}
CERTFR-2015-AVI-273
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apple OSX. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mountain Lion versions ant\u00e9rieures \u00e0 v10.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions ant\u00e9rieures \u00e0 v10.10.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Mavericks versions ant\u00e9rieures \u00e0 v10.9.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3687",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3687"
},
{
"name": "CVE-2015-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3686"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2015-3680",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3680"
},
{
"name": "CVE-2015-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3676"
},
{
"name": "CVE-2013-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
},
{
"name": "CVE-2015-3668",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3668"
},
{
"name": "CVE-2015-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3679"
},
{
"name": "CVE-2015-3714",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3714"
},
{
"name": "CVE-2015-3685",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3685"
},
{
"name": "CVE-2014-8130",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8130"
},
{
"name": "CVE-2015-3681",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3681"
},
{
"name": "CVE-2015-3706",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3706"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3690"
},
{
"name": "CVE-2014-8129",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8129"
},
{
"name": "CVE-2015-3682",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3682"
},
{
"name": "CVE-2015-3667",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3667"
},
{
"name": "CVE-2015-3691",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3691"
},
{
"name": "CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"name": "CVE-2015-3689",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3689"
},
{
"name": "CVE-2015-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3720"
},
{
"name": "CVE-2015-3700",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3700"
},
{
"name": "CVE-2015-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3710"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2015-3695",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3695"
},
{
"name": "CVE-2015-3708",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3708"
},
{
"name": "CVE-2015-3694",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3694"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2015-0273",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
},
{
"name": "CVE-2014-8128",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8128"
},
{
"name": "CVE-2015-3719",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3719"
},
{
"name": "CVE-2015-3674",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3674"
},
{
"name": "CVE-2015-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1798"
},
{
"name": "CVE-2015-1799",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1799"
},
{
"name": "CVE-2015-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3721"
},
{
"name": "CVE-2015-3684",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3684"
},
{
"name": "CVE-2015-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3677"
},
{
"name": "CVE-2015-3671",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3671"
},
{
"name": "CVE-2015-3697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3697"
},
{
"name": "CVE-2015-3666",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3666"
},
{
"name": "CVE-2015-3675",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3675"
},
{
"name": "CVE-2015-3662",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3662"
},
{
"name": "CVE-2015-3688",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3688"
},
{
"name": "CVE-2015-3673",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3673"
},
{
"name": "CVE-2015-3661",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3661"
},
{
"name": "CVE-2015-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3701"
},
{
"name": "CVE-2015-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
},
{
"name": "CVE-2015-3718",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3718"
},
{
"name": "CVE-2015-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
},
{
"name": "CVE-2015-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3715"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2015-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3672"
},
{
"name": "CVE-2015-3716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3716"
},
{
"name": "CVE-2015-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1157"
},
{
"name": "CVE-2015-3713",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3713"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2015-3699",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3699"
},
{
"name": "CVE-2015-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2015-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3693"
},
{
"name": "CVE-2014-8127",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8127"
},
{
"name": "CVE-2015-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3707"
},
{
"name": "CVE-2015-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3709"
},
{
"name": "CVE-2015-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3711"
},
{
"name": "CVE-2015-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3705"
},
{
"name": "CVE-2015-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3712"
},
{
"name": "CVE-2015-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
},
{
"name": "CVE-2015-3703",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3703"
},
{
"name": "CVE-2015-3696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3696"
},
{
"name": "CVE-2015-3678",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3678"
},
{
"name": "CVE-2015-3698",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3698"
},
{
"name": "CVE-2015-3663",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3663"
},
{
"name": "CVE-2015-3704",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3704"
},
{
"name": "CVE-2015-3702",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3702"
},
{
"name": "CVE-2015-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3683"
},
{
"name": "CVE-2015-3692",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3692"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-273",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OSX\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OSX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204942 du 30 juin 2015",
"url": "https://support.apple.com/en-us/HT204942"
}
]
}
FKIE_CVE-2015-3717
Vulnerability from fkie_nvd - Published: 2015-07-03 02:00 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html | Mailing List, Patch, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT204941 | Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT204942 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/75491 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | http://www.securitytracker.com/id/1032760 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT204941 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT204942 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75491 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032760 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD392CB9-FD3B-4021-B31A-77157B107A07",
"versionEndExcluding": "3.8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "774F1A5C-2633-4A8F-8462-B53FE0291F04",
"versionEndExcluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825878C4-F06B-4F99-BF47-B2CEC57BC070",
"versionEndExcluding": "8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-3717",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-03T02:00:08.993",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75491"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032760"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
MSRC_CVE-2015-3717
Vulnerability from csaf_microsoft - Published: 2015-07-02 00:00 - Updated: 2020-09-25 00:00Summary
Multiple buffer overflows in the printf functionality in SQLite as used in Apple iOS before 8.4 and OS X before 10.10.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Vendor Fix
3.32.3-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2015-3717 Multiple buffer overflows in the printf functionality in SQLite as used in Apple iOS before 8.4 and OS X before 10.10.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-3717.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Multiple buffer overflows in the printf functionality in SQLite as used in Apple iOS before 8.4 and OS X before 10.10.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.",
"tracking": {
"current_release_date": "2020-09-25T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:01:28.713Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2015-3717",
"initial_release_date": "2015-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-09-25T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 sqlite 3.32.3-2",
"product": {
"name": "\u003ccm1 sqlite 3.32.3-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 sqlite 3.32.3-2",
"product": {
"name": "cm1 sqlite 3.32.3-2",
"product_id": "16834"
}
}
],
"category": "product_name",
"name": "sqlite"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 sqlite 3.32.3-2 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 sqlite 3.32.3-2 as a component of CBL Mariner 1.0",
"product_id": "16834-16820"
},
"product_reference": "16834",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3717",
"notes": [
{
"category": "general",
"text": "apple",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16834-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2015-3717 Multiple buffer overflows in the printf functionality in SQLite as used in Apple iOS before 8.4 and OS X before 10.10.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-3717.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-25T00:00:00.000Z",
"details": "3.32.3-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "Multiple buffer overflows in the printf functionality in SQLite as used in Apple iOS before 8.4 and OS X before 10.10.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
}
VAR-201507-0411
Vulnerability from variot - Updated: 2023-12-18 11:36Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the printf function. The issue lies in the ability to use an arbitrary format string as an argument to an insecure printf function. An attacker can leverage this vulnerability to achieve code execution under the context of the current process. Apple Mac OS X and iOS are prone to the following security vulnerabilities: 1. Multiple memory-corruption vulnerabilities 2. Multiple information-disclosure vulnerabilities 3. A security vulnerability 4. Failed exploit attempts will likely result in denial-of-service conditions. SQLite is an American software developer D.Richard Hipp developed a set based on C language for an open-source embedded relational database management system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-06-30-1 iOS 8.4
iOS 8.4 is now available and addresses the following:
Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app may prevent apps from launching Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved collision checking. CVE-ID CVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc.
Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938
Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132
CFNetwork HTTPAuthentication Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed with improved memory handling. CVE-ID CVE-2015-3684 : Apple
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of ICC profiles. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3723 : chaithanya (SegFault) working with HP's Zero Day Initiative CVE-2015-3724 : WanderingGlitch of HP's Zero Day Initiative
CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple
coreTLS Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
DiskImages Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-3703 : Apple
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities exist in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero
Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek
MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app can prevent a Watch app from launching Description: An issue existed in the install logic for universal provisioning profile apps on the Watch which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved collision checking. CVE-ID CVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc.
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the filesystem Description: A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. This issue was addressed through improved state management. CVE-ID CVE-2015-1155 : Joe Vennix of Rapid7 Inc. working with HP's Zero Day Initiative
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to account takeover Description: An issue existed where Safari would preserve the Origin request header for cross-origin redirects, allowing malicious websites to circumvent CSRF protections. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-3658 : Brad Hill of Facebook
Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Maliciously crafted SIM cards may lead to arbitrary code execution Description: Multiple input validation issues existed in the parsing of SIM/UIM payloads. These issues were addressed through improved payload validation. CVE-ID CVE-2015-3726 : Matt Spisak of Endgame
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. This issue was addressed through improved link type adherence. CVE-ID CVE-2015-1156 : Zachary Durber of Moodle
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1152 : Apple CVE-2015-1153 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website can access the WebSQL databases of other websites Description: An issue existed in the authorization checks for renaming WebSQL tables which could have allowed a maliciously crafted website to access databases belonging to other websites. This was addressed through improved authorization checks. CVE-ID CVE-2015-3727 : Peter Rutenbar working with HP's Zero Day Initiative
WiFi Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: iOS devices may auto-associate with untrusted access points advertising a known ESSID but with a downgraded security type Description: An insufficient comparison issue existed in WiFi manager's evaluation of known access point advertisements. This issue was addressed through improved matching of security parameters. CVE-ID CVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig Young from TripWire
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "8.4".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVkr+6AAoJEBcWfLTuOo7tfDwP/1db2KLgQP+Pyb6av5awgS4m hQul1ihU0JO8jAI2ww345v6jMFq7MIAs82DobbRwqtI97aTep5bieqr5qUautlFz NtC4VQ5PsAyEoTo0cOSpvFOV3av6BdwFeNTI4w39n+bvKn6YUSJD0zswknUtI/G7 lpFx/KxvKBkXBhWWCg3cyVlo3Jap88svlyh9MZ+C0BYFyjZ+ZjYMlDZ6FdzRyBxI 4RHaXUFrtMQk3JAeIadSbevOH2mUwlCB9vDmFOC5BFTrMYV8nd3gyXMy924wLQli l3gtx+Kgq3+i71Zay7HGmshv06vZop8X82fC/lNZmTQFfNABLLug0ve0tLH9+IRm 516Yb4UxUZ51Pnhbv1wvwqATGoJpK4oFXHsTx0rCVpkcxGMLmeYRyaxQYBUzh+ns +9tcuqIBsvVudY8LGAF4yUxkmt2K5N6mqu9x+KqVmiI9M7DbBoc+AUNVJpoiEGmt qB/eqkpGYKvHal3UEV6P3sSM3gBrzb5aFYNa8R31/cE8U+INeKTwd99KNoixJa9y /rNOSnuwKsuD33NFUpOJo/MW70ts3BrjN8eIvtnZ7/GHVljkQde7LCCJ2k2iQWTW lp+C5jWsR/2qXoCkG1p2oipBP/2OKo9wRzklkOo+1LJiWY18r/FlRMWqfkFUyMrK +NEpxWhe8ytzIFIkrXDt =iv++ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sqlite",
"scope": null,
"trust": 2.1,
"vendor": "sqlite",
"version": null
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "sqlite",
"scope": "lt",
"trust": 1.0,
"vendor": "sqlite",
"version": "3.8.9"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "sqlite",
"scope": "eq",
"trust": 0.3,
"vendor": "sqlite",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "BID",
"id": "75491"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.10.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Peter Rutenbar",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-290"
}
],
"trust": 0.7
},
"cve": "CVE-2015-3717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2015-3717",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81678",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3717",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-3717",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-078",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-81678",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-3717",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "VULHUB",
"id": "VHN-81678"
},
{
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the printf function. The issue lies in the ability to use an arbitrary format string as an argument to an insecure printf function. An attacker can leverage this vulnerability to achieve code execution under the context of the current process. Apple Mac OS X and iOS are prone to the following security vulnerabilities:\n1. Multiple memory-corruption vulnerabilities\n2. Multiple information-disclosure vulnerabilities\n3. A security vulnerability\n4. Failed exploit attempts will likely result in denial-of-service conditions. SQLite is an American software developer D.Richard Hipp developed a set based on C language for an open-source embedded relational database management system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-1 iOS 8.4\n\niOS 8.4 is now available and addresses the following:\n\nApplication Store\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious universal provisioning profile app may prevent\napps from launching\nDescription: An issue existed in the install logic for universal\nprovisioning profile apps, which allowed a collision to occur with\nexisting bundle IDs. This issue was addressed through improved\ncollision checking. \nCVE-ID\nCVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from\nFireEye, Inc. \n\nCertificate Trust Policy\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker with a privileged network position may be able\nto intercept network traffic\nDescription: An intermediate certificate was incorrectly issued by\nthe certificate authority CNNIC. This issue was addressed through the\naddition of a mechanism to trust only a subset of certificates issued\nprior to the mis-issuance of the intermediate. Further details are\navailable at https://support.apple.com/en-us/HT204938\n\nCertificate Trust Policy\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT204132\n\nCFNetwork HTTPAuthentication\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Following a maliciously crafted URL may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in handling of\ncertain URL credentials. This issue was addressed with improved\nmemory handling. \nCVE-ID\nCVE-2015-3684 : Apple\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of ICC profiles. These issues were addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-3723 : chaithanya (SegFault) working with HP\u0027s Zero Day\nInitiative\nCVE-2015-3724 : WanderingGlitch of HP\u0027s Zero Day Initiative\n\nCoreText\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted text file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\n\nDiskImages\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2015-3690 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nFontParser\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted .tiff file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\n.tiff files. This issue was addressed with improved bounds checking. \nCVE-ID\nCVE-2015-3703 : Apple\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities exist in libtiff, the most serious\nof which may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. They were addressed by updating libtiff to version\n4.0.4. \nCVE-ID\nCVE-2014-8127\nCVE-2014-8128\nCVE-2014-8129\nCVE-2014-8130\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory management issue existed in the handling of\nHFS parameters which could have led to the disclosure of kernel\nmemory layout. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2015-3721 : Ian Beer of Google Project Zero\n\nMail\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription: An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nThe issue was addressed through restricted support for HTML content. \nCVE-ID\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\n\nMobileInstallation\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious universal provisioning profile app can prevent a\nWatch app from launching\nDescription: An issue existed in the install logic for universal\nprovisioning profile apps on the Watch which allowed a collision to\noccur with existing bundle IDs. This issue was addressed through\nimproved collision checking. \nCVE-ID\nCVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from\nFireEye, Inc. \n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the filesystem\nDescription: A state management issue existed in Safari that allowed\nunprivileged origins to access contents on the filesystem. This issue\nwas addressed through improved state management. \nCVE-ID\nCVE-2015-1155 : Joe Vennix of Rapid7 Inc. working with HP\u0027s Zero Day\nInitiative\n\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to account\ntakeover\nDescription: An issue existed where Safari would preserve the Origin\nrequest header for cross-origin redirects, allowing malicious\nwebsites to circumvent CSRF protections. The issue was addressed\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-3658 : Brad Hill of Facebook\n\nSecurity\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. This issue was addressed through improved validity checking. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3717 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nTelephony\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Maliciously crafted SIM cards may lead to arbitrary code\nexecution\nDescription: Multiple input validation issues existed in the parsing\nof SIM/UIM payloads. These issues were addressed through improved\npayload validation. \nCVE-ID\nCVE-2015-3726 : Matt Spisak of Endgame\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website by clicking a link may lead to\nuser interface spoofing\nDescription: An issue existed in the handling of the rel attribute\nin anchor elements. Target objects could get unauthorized access to\nlink objects. This issue was addressed through improved link type\nadherence. \nCVE-ID\nCVE-2015-1156 : Zachary Durber of Moodle\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1152 : Apple\nCVE-2015-1153 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An insufficient comparison issue existed in SQLite\nauthorizer which allowed invocation of arbitrary SQL functions. This\nissue was addressed with improved authorization checks. \nCVE-ID\nCVE-2015-3659 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted website can access the WebSQL\ndatabases of other websites\nDescription: An issue existed in the authorization checks for\nrenaming WebSQL tables which could have allowed a maliciously crafted\nwebsite to access databases belonging to other websites. This was\naddressed through improved authorization checks. \nCVE-ID\nCVE-2015-3727 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nWiFi Connectivity\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: iOS devices may auto-associate with untrusted access points\nadvertising a known ESSID but with a downgraded security type\nDescription: An insufficient comparison issue existed in WiFi\nmanager\u0027s evaluation of known access point advertisements. This issue\nwas addressed through improved matching of security parameters. \nCVE-ID\nCVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig\nYoung from TripWire\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.4\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVkr+6AAoJEBcWfLTuOo7tfDwP/1db2KLgQP+Pyb6av5awgS4m\nhQul1ihU0JO8jAI2ww345v6jMFq7MIAs82DobbRwqtI97aTep5bieqr5qUautlFz\nNtC4VQ5PsAyEoTo0cOSpvFOV3av6BdwFeNTI4w39n+bvKn6YUSJD0zswknUtI/G7\nlpFx/KxvKBkXBhWWCg3cyVlo3Jap88svlyh9MZ+C0BYFyjZ+ZjYMlDZ6FdzRyBxI\n4RHaXUFrtMQk3JAeIadSbevOH2mUwlCB9vDmFOC5BFTrMYV8nd3gyXMy924wLQli\nl3gtx+Kgq3+i71Zay7HGmshv06vZop8X82fC/lNZmTQFfNABLLug0ve0tLH9+IRm\n516Yb4UxUZ51Pnhbv1wvwqATGoJpK4oFXHsTx0rCVpkcxGMLmeYRyaxQYBUzh+ns\n+9tcuqIBsvVudY8LGAF4yUxkmt2K5N6mqu9x+KqVmiI9M7DbBoc+AUNVJpoiEGmt\nqB/eqkpGYKvHal3UEV6P3sSM3gBrzb5aFYNa8R31/cE8U+INeKTwd99KNoixJa9y\n/rNOSnuwKsuD33NFUpOJo/MW70ts3BrjN8eIvtnZ7/GHVljkQde7LCCJ2k2iQWTW\nlp+C5jWsR/2qXoCkG1p2oipBP/2OKo9wRzklkOo+1LJiWY18r/FlRMWqfkFUyMrK\n+NEpxWhe8ytzIFIkrXDt\n=iv++\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "BID",
"id": "75491"
},
{
"db": "VULHUB",
"id": "VHN-81678"
},
{
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"db": "PACKETSTORM",
"id": "141808"
},
{
"db": "PACKETSTORM",
"id": "132517"
},
{
"db": "PACKETSTORM",
"id": "141796"
},
{
"db": "PACKETSTORM",
"id": "141937"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3717",
"trust": 4.0
},
{
"db": "BID",
"id": "75491",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1032760",
"trust": 1.8
},
{
"db": "ZDI",
"id": "ZDI-15-290",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2889",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3573.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3573",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-15-283",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-81678",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3717",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141808",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132517",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141937",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "VULHUB",
"id": "VHN-81678"
},
{
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"db": "BID",
"id": "75491"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "PACKETSTORM",
"id": "141808"
},
{
"db": "PACKETSTORM",
"id": "132517"
},
{
"db": "PACKETSTORM",
"id": "141796"
},
{
"db": "PACKETSTORM",
"id": "141937"
},
{
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"id": "VAR-201507-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81678"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:36:40.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"title": "APPLE-SA-2015-06-30-1 iOS 8.4",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht204942"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht204941"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204942"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204941"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.sqlite.org/index.html"
},
{
"title": "SQLite has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://support.apple.com/kb/ht201222"
},
{
"title": "quicktime7.7.7_installer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56517"
},
{
"title": "osxupd10.10.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56516"
},
{
"title": "iPhone7,1_8.4_12H143_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56515"
},
{
"title": "Apple: iTunes 12.6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a68da1048a006f5980c613c06ab6fbb6"
},
{
"title": "Apple: iTunes 12.6 for Windows",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a2320462745411a5547ed48fe868a9a6"
},
{
"title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81678"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "NVD",
"id": "CVE-2015-3717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/75491"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1032760"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3717"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3717"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3573.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3573/"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht205221"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-283/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-290/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6153"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3415"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3270"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6607"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3416"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3414"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7443"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
},
{
"trust": 0.3,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1147"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-itunes-cve-2015-3687"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207598"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3684"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3703"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3690"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1156"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2463"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "VULHUB",
"id": "VHN-81678"
},
{
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"db": "BID",
"id": "75491"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "PACKETSTORM",
"id": "141808"
},
{
"db": "PACKETSTORM",
"id": "132517"
},
{
"db": "PACKETSTORM",
"id": "141796"
},
{
"db": "PACKETSTORM",
"id": "141937"
},
{
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"db": "VULHUB",
"id": "VHN-81678"
},
{
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"db": "BID",
"id": "75491"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"db": "PACKETSTORM",
"id": "141808"
},
{
"db": "PACKETSTORM",
"id": "132517"
},
{
"db": "PACKETSTORM",
"id": "141796"
},
{
"db": "PACKETSTORM",
"id": "141937"
},
{
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-81678"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75491"
},
{
"date": "2015-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"date": "2017-03-24T14:54:06",
"db": "PACKETSTORM",
"id": "141808"
},
{
"date": "2015-07-01T03:28:44",
"db": "PACKETSTORM",
"id": "132517"
},
{
"date": "2017-03-23T16:22:29",
"db": "PACKETSTORM",
"id": "141796"
},
{
"date": "2017-03-28T23:44:44",
"db": "PACKETSTORM",
"id": "141937"
},
{
"date": "2015-07-03T02:00:08.993000",
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-15-290"
},
{
"date": "2017-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-81678"
},
{
"date": "2020-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3717"
},
{
"date": "2017-03-29T04:01:00",
"db": "BID",
"id": "75491"
},
{
"date": "2015-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003402"
},
{
"date": "2020-11-20T19:03:29.870000",
"db": "NVD",
"id": "CVE-2015-3717"
},
{
"date": "2020-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and Apple OS X Used in SQLite of printf Buffer overflow vulnerability in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-078"
}
],
"trust": 0.6
}
}
GHSA-32VR-RGC3-2CCM
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI?
Details
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2015-3717"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-07-03T02:00:00Z",
"severity": "HIGH"
},
"details": "Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.",
"id": "GHSA-32vr-rgc3-2ccm",
"modified": "2022-05-13T01:13:24Z",
"published": "2022-05-13T01:13:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3717"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT204941"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT204942"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75491"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032760"
}
],
"schema_version": "1.4.0",
"severity": []
}
CNVD-2015-04247
Vulnerability from cnvd - Published: 2015-07-06
VLAI Severity ?
Title
Apple iOS SQLite缓冲区溢出漏洞
Description
Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。
Apple iOS SQLite的printf实现存在多个缓冲区溢出,允许攻击者利用漏洞进行拒绝服务攻击或执行任意代码。
Severity
高
Patch Name
Apple iOS SQLite缓冲区溢出漏洞的补丁
Patch Description
Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。Apple iOS SQLite的printf实现存在多个缓冲区溢出,允许攻击者利用漏洞进行拒绝服务攻击或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
Apple iOS 8.4已经修复该漏洞,建议用户下载更新: https://support.apple.com
Reference
https://support.apple.com/zh-cn/HT204941
Impacted products
| Name | Apple IOS <8.4 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-3717"
}
},
"description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS SQLite\u7684printf\u5b9e\u73b0\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Peter Rutenbar working with HP\u0027s Zero Day Initiative",
"formalWay": "Apple iOS 8.4\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://support.apple.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-04247",
"openTime": "2015-07-06",
"patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iOS SQLite\u7684printf\u5b9e\u73b0\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple iOS SQLite\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple IOS \u003c8.4"
},
"referenceLink": "https://support.apple.com/zh-cn/HT204941",
"serverity": "\u9ad8",
"submitTime": "2015-07-02",
"title": "Apple iOS SQLite\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…