VAR-201006-0051
Vulnerability from variot - Updated: 2024-07-23 20:46Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. CUPS is prone to a cross-site request-forgery vulnerability. This issue affects the CUPS web interface component. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2176-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 02, 2011 http://www.debian.org/security/faq
Package : cups Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941
Several vulnerabilities have been discovered in the Common UNIX Printing System:
CVE-2008-5183
A null pointer dereference in RSS job completion notifications could lead to denial of service.
CVE-2009-3553
It was discovered that incorrect file descriptor handling could lead to denial of service.
CVE-2010-0540
A cross-site request forgery vulnerability was discovered in the web interface.
CVE-2010-0542
Incorrect memory management in the filter subsystem could lead to denial of service.
CVE-2010-2431
Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files.
CVE-2010-2432
Denial of service in the authentication code.
CVE-2010-2941
Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9.
The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release.
We recommend that you upgrade your cups packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1tgPIACgkQXm3vHE4uyloDXQCgxy/m5yHvjnIopjEdPcmdzIW5 HaAAn1r6v/N27Y5g5O4vudCQgLt7uBPx =j7wC -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
Updated Packages:
Mandriva Linux 2009.0: f659df34ee2b206427a38cefbca99cc2 2009.0/i586/cups-1.3.10-0.4mdv2009.0.i586.rpm 1b92d2762a23b983f0da6ed527c9cee8 2009.0/i586/cups-common-1.3.10-0.4mdv2009.0.i586.rpm a0719dfedbcce4ca02b8f1d69250c67b 2009.0/i586/cups-serial-1.3.10-0.4mdv2009.0.i586.rpm 130c8d5b44e513e52d6d40fc22974139 2009.0/i586/libcups2-1.3.10-0.4mdv2009.0.i586.rpm 06d0f7f3754246e67ff100ee3e15a6c2 2009.0/i586/libcups2-devel-1.3.10-0.4mdv2009.0.i586.rpm 7179976e3a7490deced5374723453065 2009.0/i586/php-cups-1.3.10-0.4mdv2009.0.i586.rpm d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 109c1f41b21fbb8e2c97aaeafae1340a 2009.0/x86_64/cups-1.3.10-0.4mdv2009.0.x86_64.rpm d0fca9c94c5269fec27a31086c399145 2009.0/x86_64/cups-common-1.3.10-0.4mdv2009.0.x86_64.rpm 4ff96778ae90f228ef99d94487d87f77 2009.0/x86_64/cups-serial-1.3.10-0.4mdv2009.0.x86_64.rpm 3f0127d51b2cdc9bf661e9de91b52f39 2009.0/x86_64/lib64cups2-1.3.10-0.4mdv2009.0.x86_64.rpm 473bdbea1f1379fc46f0523ab5a91e92 2009.0/x86_64/lib64cups2-devel-1.3.10-0.4mdv2009.0.x86_64.rpm 6d720a64deac48ca276266bb6895f72d 2009.0/x86_64/php-cups-1.3.10-0.4mdv2009.0.x86_64.rpm d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm
Mandriva Linux 2010.0: b896bb55528f9b3f7329bdefbd06e907 2010.0/i586/cups-1.4.1-12.2mdv2010.0.i586.rpm 9915c592984b953fc97caeaff6adfd51 2010.0/i586/cups-common-1.4.1-12.2mdv2010.0.i586.rpm 9301ef3c2f510317064d543603ce2093 2010.0/i586/cups-serial-1.4.1-12.2mdv2010.0.i586.rpm 30b760a74bfe1338139c810e727321c0 2010.0/i586/libcups2-1.4.1-12.2mdv2010.0.i586.rpm d6bb4b1902321d01065f5523fe8b8bd1 2010.0/i586/libcups2-devel-1.4.1-12.2mdv2010.0.i586.rpm 1e9b384c4ca7bfdd0a5294662e167cbb 2010.0/i586/php-cups-1.4.1-12.2mdv2010.0.i586.rpm a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: b85a2eb58e0321e8bbe9f0db0b67b270 2010.0/x86_64/cups-1.4.1-12.2mdv2010.0.x86_64.rpm c3e5f2aaab48b3569af9adc0fe066e36 2010.0/x86_64/cups-common-1.4.1-12.2mdv2010.0.x86_64.rpm 8cae31ce49c4d45093a09aab4317c452 2010.0/x86_64/cups-serial-1.4.1-12.2mdv2010.0.x86_64.rpm 330e6c0d2fb1c00c63ac3750b0e3044a 2010.0/x86_64/lib64cups2-1.4.1-12.2mdv2010.0.x86_64.rpm bc7348bba4476c16c35e651b9826431c 2010.0/x86_64/lib64cups2-devel-1.4.1-12.2mdv2010.0.x86_64.rpm cc0081d5748a4e538b1154e110eb74ea 2010.0/x86_64/php-cups-1.4.1-12.2mdv2010.0.x86_64.rpm a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5: 27242832f57d843a6e96f7be948060f7 mes5/i586/cups-1.3.10-0.4mdvmes5.1.i586.rpm c68061ebd7157579308ba9e3c0a0e988 mes5/i586/cups-common-1.3.10-0.4mdvmes5.1.i586.rpm 2a06820729e49c98883494971dbd839e mes5/i586/cups-serial-1.3.10-0.4mdvmes5.1.i586.rpm f959dac3e1ce73a9c228a56956f50277 mes5/i586/libcups2-1.3.10-0.4mdvmes5.1.i586.rpm eb7ab898a4c42c095cdd82a12527ce78 mes5/i586/libcups2-devel-1.3.10-0.4mdvmes5.1.i586.rpm 64c94ac46b571cafb1610c49a6134031 mes5/i586/php-cups-1.3.10-0.4mdvmes5.1.i586.rpm e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 992e12cd8507d0d58fb6e72ca402429f mes5/x86_64/cups-1.3.10-0.4mdvmes5.1.x86_64.rpm 4528d0e4dccbc15507e8575c98255711 mes5/x86_64/cups-common-1.3.10-0.4mdvmes5.1.x86_64.rpm 3e840cbe6f1883706c14cbafc838478c mes5/x86_64/cups-serial-1.3.10-0.4mdvmes5.1.x86_64.rpm a8cfe7e9c3e82ae1c61b7da0ba7daf26 mes5/x86_64/lib64cups2-1.3.10-0.4mdvmes5.1.x86_64.rpm b377f64dff30db3b76cd7b651f796783 mes5/x86_64/lib64cups2-devel-1.3.10-0.4mdvmes5.1.x86_64.rpm d2b4d6a768bd6083c970d53744e4aeb1 mes5/x86_64/php-cups-1.3.10-0.4mdvmes5.1.x86_64.rpm e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. ----------------------------------------------------------------------
Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/
TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA40220
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40220
RELEASE DATE: 2010-06-24
DISCUSS ADVISORY: http://secunia.com/advisories/40220/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40220/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40220
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) The CUPS web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to change CUPS settings if a logged-in administrative user visits a malicious web site.
2) A use-after-free error in CUPS when processing "get-printer-jobs" requests can be exploited to crash "cupsd".
NOTE: "cupsd" is automatically restarted after the crash occurs.
3) An uninitialised memory access error in the CUPS web interface when handling form variables can be exploited to disclose potentially sensitive "cupsd" memory.
4) The "Finder" implementation leaves the ownership of selected files unchanged when "Apply to enclosed items..." is selected in the "Get Info" window, resulting in unexpected permissions.
5) An error in Adobe Flash Player can be exploited to bypass domain sandbox limitations and perform unauthorized cross-domain requests.
For more information: SA38547
6) An error in "Folder Manager" when unmounting disk images containing a malicious "Cleanup At Startup" directory can be exploited to delete arbitrary directories via symlink attacks.
7) An input sanitation error exists in "Help Viewer" when handling "help:" URLs. This can be exploited to execute arbitrary JavaScript code in the context of the local domain and disclose sensitive information or potentially execute arbitrary code.
8) An error in iChat when handling inline image transfers can be exploited to upload files to arbitrary locations on an AIM user's system via directory traversal attacks.
9) Multiple integer overflow errors in LibTIFF can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code.
For more information: SA40181
10) An unspecified error in ImageIO when processing MPEG2 movie files can be exploited to corrupt memory and potentially execute arbitrary code.
11) Multiple integer underflow errors in Kerberos can be exploited to corrupt heap memory and potentially execute arbitrary code.
For more information: SA38080
12) An error in Kerberos can be exploited by malicious users to trigger a double-free and potentially execute arbitrary code.
For more information: SA39420
13) An error in Kerberos when handling authorization data can be exploited to terminate an affected server.
14) An error in libcurl when handling compressed web content can potentially be exploited to cause a buffer overflow and execute arbitrary code.
16) A format string error when handling "afp:", "cifs:", and "smb:" URLs can be exploited to potentially execute arbitrary code.
17) Open Directory establishes plain text connections when binding to network account servers without SSL support. This can be exploited to potentially execute arbitrary code via Man-in-the-Middle (MitM) attacks.
18) An error when handling local network printers having a Unicode character in the service name can be exploited to trigger a printing failure in certain applications.
19) An integer overflow error in the CUPS "cgtexttops" filter can be exploited to corrupt memory and potentially execute arbitrary code.
20) An error in the Ruby WEBrick HTTP server can be exploited to generate error pages interpreted as having an UTF-7 character set. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
21) An error in the configuration of the included Samba distribution can be exploited to gain access to arbitrary files via symlink attacks.
This may be related to: SA38454
22) Multiple errors in SquirrelMail can be exploited to conduct cross-site scripting, cross-site request forgery, session fixation, and phishing attacks.
For more information: SA34627 SA35073
23) Wiki Server does not specify a character set when serving HTML documents. This can be exploited to execute arbitrary HTML and script code in a user's browser session by making a specially crafted post or comment.
SOLUTION: Apply Security Update 2010-004 or update to version 10.6.4.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Adrian 'pagvac' Pastor of Gnucitizen 6, 8, 10, 15, 20) Reported by the vendor.
The vendor also credits: 1) Tim Starling 2) Tim Waugh 3) Luca Carettoni 4) Michi Ruepp of pianobakery.com 7) Clint Ruoho of Laconic Security 9) Kevin Finisterre of digitalmunition.com 16) Ilja van Sprundel of IOActive, and Chris Ries of Carnegie Mellon University Computing Services 18) Filipp Lepalaan of mcare Oy 19) regenrecht working with iDefense
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4188
Gnucitizen: http://www.gnucitizen.org/blog/apple-further-locks-down-cups-cve-2010-0540/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201207-10
http://security.gentoo.org/
Severity: High Title: CUPS: Multiple vulnerabilities Date: July 09, 2012 Bugs: #295256, #308045, #325551, #380771 ID: 201207-10
Synopsis
Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation.
Background
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1
Description
Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue.
References
[ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553 [ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302 [ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393 [ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540 [ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542 [ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748 [ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431 [ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432 [ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941 [ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201207-10.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "cups",
"scope": "lt",
"trust": 0.8,
"vendor": "cups",
"version": "1.4.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11 express"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "solaris express",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.3"
},
{
"model": "enterprise linux as 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as 4.7.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as 4.6.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as 4.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux 5.4.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux beta",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.4"
},
{
"model": "enterprise linux 5.3.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux 5.2.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.4.2"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.4.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.10"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.9"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.8"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.7"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.6"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.5"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.3"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.3.2"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.12"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.10"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.9"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.8"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.4"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.2.2"
},
{
"model": "software products cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.23"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.23"
},
{
"model": "software products cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.22"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.22"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.21"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.20"
},
{
"model": "software products cups rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.19"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.19"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.18"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.17"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.16"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.15"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.14"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.13"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.12"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.10"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.7"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.6"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4-5"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4-3"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4-2"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.4"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.1.1"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.0.4-8"
},
{
"model": "software products cups",
"scope": "eq",
"trust": 0.3,
"vendor": "easy",
"version": "1.0.4"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "intuity audix lx r1.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "intuity audix",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "software products cups",
"scope": "ne",
"trust": 0.3,
"vendor": "easy",
"version": "1.4.4"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
}
],
"sources": [
{
"db": "BID",
"id": "40889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple; Adrian \u0027pagvac\u0027 Pastor of GNUCITIZEN, and Tim Starling; Tim Waugh; Luca Carettoni; Michi Ruepp of pianobakery.com; Clint Ruoho of Laconic Security; Kevin Finisterre of digitalmunition.com; MIT Kerberos Team; Joel Johnson, Debian, Brian Almeida; Emm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
}
],
"trust": 0.6
},
"cve": "CVE-2010-0540",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2010-0540",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-43145",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-0540",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-280",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-43145",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43145"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. CUPS is prone to a cross-site request-forgery vulnerability. This issue affects the CUPS web interface component. \nAttackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. \nNOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2176-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 02, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cups\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941\n\nSeveral vulnerabilities have been discovered in the Common UNIX Printing\nSystem:\n\nCVE-2008-5183\n\n A null pointer dereference in RSS job completion notifications\n could lead to denial of service. \n\nCVE-2009-3553\n\n It was discovered that incorrect file descriptor handling\n could lead to denial of service. \n\nCVE-2010-0540\n\n A cross-site request forgery vulnerability was discovered in\n the web interface. \n\nCVE-2010-0542\n\n Incorrect memory management in the filter subsystem could lead\n to denial of service. \n \nCVE-2010-2431\n \n Emmanuel Bouillon discovered a symlink vulnerability in handling\n of cache files. \n\nCVE-2010-2432\n\n Denial of service in the authentication code. \n\nCVE-2010-2941\n\n Incorrect memory management in the IPP code could lead to denial\n of service or the execution of arbitrary code. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny9. \n\nThe stable distribution (squeeze) and the unstable distribution (sid)\nhad already been fixed prior to the initial Squeeze release. \n\nWe recommend that you upgrade your cups packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk1tgPIACgkQXm3vHE4uyloDXQCgxy/m5yHvjnIopjEdPcmdzIW5\nHaAAn1r6v/N27Y5g5O4vudCQgLt7uBPx\n=j7wC\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n f659df34ee2b206427a38cefbca99cc2 2009.0/i586/cups-1.3.10-0.4mdv2009.0.i586.rpm\n 1b92d2762a23b983f0da6ed527c9cee8 2009.0/i586/cups-common-1.3.10-0.4mdv2009.0.i586.rpm\n a0719dfedbcce4ca02b8f1d69250c67b 2009.0/i586/cups-serial-1.3.10-0.4mdv2009.0.i586.rpm\n 130c8d5b44e513e52d6d40fc22974139 2009.0/i586/libcups2-1.3.10-0.4mdv2009.0.i586.rpm\n 06d0f7f3754246e67ff100ee3e15a6c2 2009.0/i586/libcups2-devel-1.3.10-0.4mdv2009.0.i586.rpm\n 7179976e3a7490deced5374723453065 2009.0/i586/php-cups-1.3.10-0.4mdv2009.0.i586.rpm \n d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 109c1f41b21fbb8e2c97aaeafae1340a 2009.0/x86_64/cups-1.3.10-0.4mdv2009.0.x86_64.rpm\n d0fca9c94c5269fec27a31086c399145 2009.0/x86_64/cups-common-1.3.10-0.4mdv2009.0.x86_64.rpm\n 4ff96778ae90f228ef99d94487d87f77 2009.0/x86_64/cups-serial-1.3.10-0.4mdv2009.0.x86_64.rpm\n 3f0127d51b2cdc9bf661e9de91b52f39 2009.0/x86_64/lib64cups2-1.3.10-0.4mdv2009.0.x86_64.rpm\n 473bdbea1f1379fc46f0523ab5a91e92 2009.0/x86_64/lib64cups2-devel-1.3.10-0.4mdv2009.0.x86_64.rpm\n 6d720a64deac48ca276266bb6895f72d 2009.0/x86_64/php-cups-1.3.10-0.4mdv2009.0.x86_64.rpm \n d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n b896bb55528f9b3f7329bdefbd06e907 2010.0/i586/cups-1.4.1-12.2mdv2010.0.i586.rpm\n 9915c592984b953fc97caeaff6adfd51 2010.0/i586/cups-common-1.4.1-12.2mdv2010.0.i586.rpm\n 9301ef3c2f510317064d543603ce2093 2010.0/i586/cups-serial-1.4.1-12.2mdv2010.0.i586.rpm\n 30b760a74bfe1338139c810e727321c0 2010.0/i586/libcups2-1.4.1-12.2mdv2010.0.i586.rpm\n d6bb4b1902321d01065f5523fe8b8bd1 2010.0/i586/libcups2-devel-1.4.1-12.2mdv2010.0.i586.rpm\n 1e9b384c4ca7bfdd0a5294662e167cbb 2010.0/i586/php-cups-1.4.1-12.2mdv2010.0.i586.rpm \n a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n b85a2eb58e0321e8bbe9f0db0b67b270 2010.0/x86_64/cups-1.4.1-12.2mdv2010.0.x86_64.rpm\n c3e5f2aaab48b3569af9adc0fe066e36 2010.0/x86_64/cups-common-1.4.1-12.2mdv2010.0.x86_64.rpm\n 8cae31ce49c4d45093a09aab4317c452 2010.0/x86_64/cups-serial-1.4.1-12.2mdv2010.0.x86_64.rpm\n 330e6c0d2fb1c00c63ac3750b0e3044a 2010.0/x86_64/lib64cups2-1.4.1-12.2mdv2010.0.x86_64.rpm\n bc7348bba4476c16c35e651b9826431c 2010.0/x86_64/lib64cups2-devel-1.4.1-12.2mdv2010.0.x86_64.rpm\n cc0081d5748a4e538b1154e110eb74ea 2010.0/x86_64/php-cups-1.4.1-12.2mdv2010.0.x86_64.rpm \n a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 27242832f57d843a6e96f7be948060f7 mes5/i586/cups-1.3.10-0.4mdvmes5.1.i586.rpm\n c68061ebd7157579308ba9e3c0a0e988 mes5/i586/cups-common-1.3.10-0.4mdvmes5.1.i586.rpm\n 2a06820729e49c98883494971dbd839e mes5/i586/cups-serial-1.3.10-0.4mdvmes5.1.i586.rpm\n f959dac3e1ce73a9c228a56956f50277 mes5/i586/libcups2-1.3.10-0.4mdvmes5.1.i586.rpm\n eb7ab898a4c42c095cdd82a12527ce78 mes5/i586/libcups2-devel-1.3.10-0.4mdvmes5.1.i586.rpm\n 64c94ac46b571cafb1610c49a6134031 mes5/i586/php-cups-1.3.10-0.4mdvmes5.1.i586.rpm \n e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 992e12cd8507d0d58fb6e72ca402429f mes5/x86_64/cups-1.3.10-0.4mdvmes5.1.x86_64.rpm\n 4528d0e4dccbc15507e8575c98255711 mes5/x86_64/cups-common-1.3.10-0.4mdvmes5.1.x86_64.rpm\n 3e840cbe6f1883706c14cbafc838478c mes5/x86_64/cups-serial-1.3.10-0.4mdvmes5.1.x86_64.rpm\n a8cfe7e9c3e82ae1c61b7da0ba7daf26 mes5/x86_64/lib64cups2-1.3.10-0.4mdvmes5.1.x86_64.rpm\n b377f64dff30db3b76cd7b651f796783 mes5/x86_64/lib64cups2-devel-1.3.10-0.4mdvmes5.1.x86_64.rpm\n d2b4d6a768bd6083c970d53744e4aeb1 mes5/x86_64/php-cups-1.3.10-0.4mdvmes5.1.x86_64.rpm \n e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. ----------------------------------------------------------------------\n\n\nSecunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management\n\nFree webinars\n\nhttp://secunia.com/vulnerability_scanning/corporate/webinars/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA40220\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40220/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40220\n\nRELEASE DATE:\n2010-06-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40220/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40220/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40220\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) The CUPS web interface allows users to perform certain actions via\nHTTP requests without performing any validity checks to verify the\nrequests. This can be exploited to change CUPS settings if a\nlogged-in administrative user visits a malicious web site. \n\n2) A use-after-free error in CUPS when processing \"get-printer-jobs\"\nrequests can be exploited to crash \"cupsd\". \n\nNOTE: \"cupsd\" is automatically restarted after the crash occurs. \n\n3) An uninitialised memory access error in the CUPS web interface\nwhen handling form variables can be exploited to disclose potentially\nsensitive \"cupsd\" memory. \n\n4) The \"Finder\" implementation leaves the ownership of selected files\nunchanged when \"Apply to enclosed items...\" is selected in the \"Get\nInfo\" window, resulting in unexpected permissions. \n\n5) An error in Adobe Flash Player can be exploited to bypass domain\nsandbox limitations and perform unauthorized cross-domain requests. \n\nFor more information:\nSA38547\n\n6) An error in \"Folder Manager\" when unmounting disk images\ncontaining a malicious \"Cleanup At Startup\" directory can be\nexploited to delete arbitrary directories via symlink attacks. \n\n7) An input sanitation error exists in \"Help Viewer\" when handling\n\"help:\" URLs. This can be exploited to execute arbitrary JavaScript\ncode in the context of the local domain and disclose sensitive\ninformation or potentially execute arbitrary code. \n\n8) An error in iChat when handling inline image transfers can be\nexploited to upload files to arbitrary locations on an AIM user\u0027s\nsystem via directory traversal attacks. \n\n9) Multiple integer overflow errors in LibTIFF can be exploited to\ncause heap-based buffer overflows and potentially execute arbitrary\ncode. \n\nFor more information:\nSA40181\n\n10) An unspecified error in ImageIO when processing MPEG2 movie files\ncan be exploited to corrupt memory and potentially execute arbitrary\ncode. \n\n11) Multiple integer underflow errors in Kerberos can be exploited to\ncorrupt heap memory and potentially execute arbitrary code. \n\nFor more information:\nSA38080\n\n12) An error in Kerberos can be exploited by malicious users to\ntrigger a double-free and potentially execute arbitrary code. \n\nFor more information:\nSA39420\n\n13) An error in Kerberos when handling authorization data can be\nexploited to terminate an affected server. \n\n14) An error in libcurl when handling compressed web content can\npotentially be exploited to cause a buffer overflow and execute\narbitrary code. \n\n16) A format string error when handling \"afp:\", \"cifs:\", and \"smb:\"\nURLs can be exploited to potentially execute arbitrary code. \n\n17) Open Directory establishes plain text connections when binding to\nnetwork account servers without SSL support. This can be exploited to\npotentially execute arbitrary code via Man-in-the-Middle (MitM)\nattacks. \n\n18) An error when handling local network printers having a Unicode\ncharacter in the service name can be exploited to trigger a printing\nfailure in certain applications. \n\n19) An integer overflow error in the CUPS \"cgtexttops\" filter can be\nexploited to corrupt memory and potentially execute arbitrary code. \n\n20) An error in the Ruby WEBrick HTTP server can be exploited to\ngenerate error pages interpreted as having an UTF-7 character set. \nThis can be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n21) An error in the configuration of the included Samba distribution\ncan be exploited to gain access to arbitrary files via symlink\nattacks. \n\nThis may be related to:\nSA38454\n\n22) Multiple errors in SquirrelMail can be exploited to conduct\ncross-site scripting, cross-site request forgery, session fixation,\nand phishing attacks. \n\nFor more information:\nSA34627\nSA35073\n\n23) Wiki Server does not specify a character set when serving HTML\ndocuments. This can be exploited to execute arbitrary HTML and script\ncode in a user\u0027s browser session by making a specially crafted post or\ncomment. \n\nSOLUTION:\nApply Security Update 2010-004 or update to version 10.6.4. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Adrian \u0027pagvac\u0027 Pastor of Gnucitizen\n6, 8, 10, 15, 20) Reported by the vendor. \n\nThe vendor also credits:\n1) Tim Starling\n2) Tim Waugh\n3) Luca Carettoni\n4) Michi Ruepp of pianobakery.com\n7) Clint Ruoho of Laconic Security\n9) Kevin Finisterre of digitalmunition.com\n16) Ilja van Sprundel of IOActive, and Chris Ries of Carnegie Mellon\nUniversity Computing Services\n18) Filipp Lepalaan of mcare Oy\n19) regenrecht working with iDefense\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4188\n\nGnucitizen:\nhttp://www.gnucitizen.org/blog/apple-further-locks-down-cups-cve-2010-0540/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201207-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: CUPS: Multiple vulnerabilities\n Date: July 09, 2012\n Bugs: #295256, #308045, #325551, #380771\n ID: 201207-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in CUPS, some of which may\nallow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nCUPS, the Common Unix Printing System, is a full-featured print server. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-print/cups \u003c 1.4.8-r1 \u003e= 1.4.8-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in CUPS. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker may be able to execute arbitrary code using specially\ncrafted streams, IPP requests or files, or cause a Denial of Service\n(daemon crash or hang). A local attacker may be able to gain escalated\nprivileges or overwrite arbitrary files. Furthermore, a remote attacker\nmay be able to obtain sensitive information from the CUPS process or\nhijack a CUPS administrator authentication request. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-print/cups-1.4.8-r1\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 03, 2011. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3553\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553\n[ 2 ] CVE-2010-0302\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302\n[ 3 ] CVE-2010-0393\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393\n[ 4 ] CVE-2010-0540\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540\n[ 5 ] CVE-2010-0542\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542\n[ 6 ] CVE-2010-1748\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748\n[ 7 ] CVE-2010-2431\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431\n[ 8 ] CVE-2010-2432\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432\n[ 9 ] CVE-2010-2941\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941\n[ 10 ] CVE-2011-3170\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201207-10.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0540"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "BID",
"id": "40889"
},
{
"db": "VULHUB",
"id": "VHN-43145"
},
{
"db": "PACKETSTORM",
"id": "95855"
},
{
"db": "PACKETSTORM",
"id": "98814"
},
{
"db": "PACKETSTORM",
"id": "95852"
},
{
"db": "PACKETSTORM",
"id": "90942"
},
{
"db": "PACKETSTORM",
"id": "114577"
},
{
"db": "PACKETSTORM",
"id": "95860"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-43145",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43145"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0540",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "40220",
"trust": 2.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1481",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1024122",
"trust": 1.9
},
{
"db": "BID",
"id": "40871",
"trust": 1.7
},
{
"db": "BID",
"id": "40889",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "43521",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0535",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2010-1524",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-06-15-1",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "95860",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "95852",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "95855",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "90900",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-43145",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "98814",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90942",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114577",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43145"
},
{
"db": "BID",
"id": "40889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "PACKETSTORM",
"id": "95855"
},
{
"db": "PACKETSTORM",
"id": "98814"
},
{
"db": "PACKETSTORM",
"id": "95852"
},
{
"db": "PACKETSTORM",
"id": "90942"
},
{
"db": "PACKETSTORM",
"id": "114577"
},
{
"db": "PACKETSTORM",
"id": "95860"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"id": "VAR-201006-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-43145"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:46:54.348000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4188",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4188"
},
{
"title": "HT4188",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4188?viewlocale=ja_jp"
},
{
"title": "cups-1.3.7-18.4.0.1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1058"
},
{
"title": "STR #3498",
"trust": 0.8,
"url": "http://www.cups.org/str.php?l3498"
},
{
"title": "L596",
"trust": 0.8,
"url": "http://www.cups.org/articles.php?l596"
},
{
"title": "2070",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2070"
},
{
"title": "RHSA-2010:0490",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0490.html"
},
{
"title": "cross_site_request_forgery_csrf",
"trust": 0.8,
"url": "http://blogs.sun.com/security/entry/cross_site_request_forgery_csrf"
},
{
"title": "TLSA-2010-25",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2010/tlsa-2010-25j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43145"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/40220"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"trust": 1.9,
"url": "http://www.securitytracker.com/id?1024122"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4188"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/40871"
},
{
"trust": 1.4,
"url": "http://cups.org/articles.php?l596"
},
{
"trust": 1.2,
"url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"trust": 1.1,
"url": "http://cups.org/str.php?l3498"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2011/dsa-2176"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:232"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:233"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:234"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10382"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43521"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0535"
},
{
"trust": 1.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0540"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0540"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/40889"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/1524"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0540"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2941"
},
{
"trust": 0.4,
"url": "http://secunia.com/"
},
{
"trust": 0.4,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1748"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2431"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0542"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100091916"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cross_site_request_forgery_csrf"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2941"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3553"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2432"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2431"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1748"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5183"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40220/"
},
{
"trust": 0.1,
"url": "http://www.gnucitizen.org/blog/apple-further-locks-down-cups-cve-2010-0540/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40220"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/webinars/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40220/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3553"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0302"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0542"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1748"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2431"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3170"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0393"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2941"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3170"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0302"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0393"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43145"
},
{
"db": "BID",
"id": "40889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "PACKETSTORM",
"id": "95855"
},
{
"db": "PACKETSTORM",
"id": "98814"
},
{
"db": "PACKETSTORM",
"id": "95852"
},
{
"db": "PACKETSTORM",
"id": "90942"
},
{
"db": "PACKETSTORM",
"id": "114577"
},
{
"db": "PACKETSTORM",
"id": "95860"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-43145"
},
{
"db": "BID",
"id": "40889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"db": "PACKETSTORM",
"id": "95855"
},
{
"db": "PACKETSTORM",
"id": "98814"
},
{
"db": "PACKETSTORM",
"id": "95852"
},
{
"db": "PACKETSTORM",
"id": "90942"
},
{
"db": "PACKETSTORM",
"id": "114577"
},
{
"db": "PACKETSTORM",
"id": "95860"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-43145"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "40889"
},
{
"date": "2010-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"date": "2010-11-16T01:25:14",
"db": "PACKETSTORM",
"id": "95855"
},
{
"date": "2011-03-02T03:30:00",
"db": "PACKETSTORM",
"id": "98814"
},
{
"date": "2010-11-16T01:04:27",
"db": "PACKETSTORM",
"id": "95852"
},
{
"date": "2010-06-24T15:47:15",
"db": "PACKETSTORM",
"id": "90942"
},
{
"date": "2012-07-10T13:46:02",
"db": "PACKETSTORM",
"id": "114577"
},
{
"date": "2010-11-16T01:29:48",
"db": "PACKETSTORM",
"id": "95860"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"date": "2010-06-17T16:30:01.327000",
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-43145"
},
{
"date": "2015-05-07T17:16:00",
"db": "BID",
"id": "40889"
},
{
"date": "2011-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001645"
},
{
"date": "2010-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-280"
},
{
"date": "2017-09-19T01:30:26.470000",
"db": "NVD",
"id": "CVE-2010-0540"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "95855"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X Run on CUPS Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001645"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-280"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.