var-201201-0316
Vulnerability from variot
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The Debian openssh-server package is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to gain access to sensitive information; this may lead to further attacks. Debian openssh-server 1:5.5p1-6+squeeze1 is affected; other versions may also be vulnerable.
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections (CVE-2010-5107).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814
Updated Packages:
Mandriva Enterprise Server 5: d4dc59e94c2f0f4ca4ed3d29c05afd9d mes5/i586/openssh-5.1p1-2.3mdvmes5.2.i586.rpm 6bb053a5d82451594d433c0059c5f7a7 mes5/i586/openssh-askpass-5.1p1-2.3mdvmes5.2.i586.rpm cc26585ed65704d2fa6c0bcb102953c7 mes5/i586/openssh-askpass-common-5.1p1-2.3mdvmes5.2.i586.rpm 06ded6e5614c7a188a676550934e98bb mes5/i586/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.i586.rpm 860932e1a599ec68a150879b9c9abe52 mes5/i586/openssh-clients-5.1p1-2.3mdvmes5.2.i586.rpm fe26afea6473e680a45979a904bb7e3d mes5/i586/openssh-server-5.1p1-2.3mdvmes5.2.i586.rpm baa4beb7bfb76b7706166e7870ddd210 mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 1c43725b46c279b7295c16e0fb9f43bf mes5/x86_64/openssh-5.1p1-2.3mdvmes5.2.x86_64.rpm d0231e13471148dfed86f75c4f99a2d0 mes5/x86_64/openssh-askpass-5.1p1-2.3mdvmes5.2.x86_64.rpm 2c06080b369ab13a9c95df47336aeb13 mes5/x86_64/openssh-askpass-common-5.1p1-2.3mdvmes5.2.x86_64.rpm 9fc99fb86e43c00139329787c7b3829d mes5/x86_64/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.x86_64.rpm 63621dfc8b9c4bf731711af418ea5c5f mes5/x86_64/openssh-clients-5.1p1-2.3mdvmes5.2.x86_64.rpm ea5653a3e6d790ce02f11fbcd722801d mes5/x86_64/openssh-server-5.1p1-2.3mdvmes5.2.x86_64.rpm baa4beb7bfb76b7706166e7870ddd210 mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFRQFi+mqjQ0CJFipgRAuIuAJ9D6e15JXI7YDeAIZqQalKdXEmEWwCgjBoe quBwSmmMLE/orEkpMzGwKbQ= =PJAx -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
EMC Identifier: ESA-2014-016
CVE Identifier: See below for individual CVEs
Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores
Affected products:
All versions from VPLEX GeoSynchrony 4.0 through VPLEX GeoSynchrony 5.2.1 are affected
Summary:
EMC VPLEX GeoSynchrony 5.3 contains fixes for multiple vulnerabilities that could potentially be exploited by malicious users.
Details:
\x95Multiple Vulnerabilities affecting the VPLEX Web GUI. Please refer to the NVD website (http://web.nvd.nist.gov/) for more details on the below CVEs
Path Traversal vulnerability in VPLEX GUI \x96 CVE-2014-0632 CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
VPLEX GUI Session Timeout validity vulnerability \x96 CVE-2014-0633 CVSS v2 Base Score: 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C)
Missing HttpOnly attribute vulnerability \x96 CVE-2014-0634 CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Session Fixation vulnerability \x96 CVE-2014-0635 CVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P)
BEAST Attack \x96 CVE-2011-3389 CVSS v2 Base Score: See NVD advisory for the CVSS score.
\x95Multiple Embedded Component Vulnerabilities
Multiple vulnerabilities in the following embedded components of the SLES Operating System have been fixed: Kernel: CVE-2011-1044, CVE-2011-4110, CVE-2012-2136 perl: CVE-2002-2443 krb5: CVE-2013-1667 bind packages: CVE-2012-5166 CVSS v2 Base Score: See NVD advisory for the individual CVSS scores.
Remote Information Disclosure vulnerability in OpenSSH - CVE-2012-0814 CVSS v2 Base Score: See NVD advisory for the CVSS score.
Multiple vulnerabilities in Oracle Java and Apache Tomcat: This release also contains critical security updates for Oracle Java and Apache Tomcat. Oracle Java has been upgraded to 1.6.0_45 and Apache tomcat has been upgraded to 6.0.36. Please refer the following links for more information: Java: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html Tomcat: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36 CVSS v2 Base Score: See vendor advisory for the individual CVSS scores.
Resolution:
EMC recommends all customers to upgrade to VPLEX GeoSynchrony version 5.3 at their earliest opportunity.
Link to remedies:
Customers can download the software from Support Zone.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin)
iEYEARECAAYFAlMy6mgACgkQtjd2rKp+ALwqbACgmMupmaxQ1GTwg1a1onHdgo4Q BxYAn1iAOq12nZ2WudlyECe9hrNp/DEc =7q/t -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-06
http://security.gentoo.org/
Severity: High Title: OpenSSH: Multiple vulnerabilities Date: May 11, 2014 Bugs: #231292, #247466, #386307, #410869, #419357, #456006, #505066 ID: 201405-06
Synopsis
Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code.
Background
OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openssh < 6.6_p1-r1 >= 6.6_p1-r1
Description
Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"
NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.
References
[ 1 ] CVE-2008-5161 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161 [ 2 ] CVE-2010-4478 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478 [ 3 ] CVE-2010-4755 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4755 [ 4 ] CVE-2010-5107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5107 [ 5 ] CVE-2011-5000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5000 [ 6 ] CVE-2012-0814 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0814 [ 7 ] CVE-2014-2532 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2532
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "5.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "5.5"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "1.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "5.4"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "5.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "5.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "5.0"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "4.5"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.6,
"vendor": "openbsd",
"version": "4.6"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.2.3p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.9p2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.5p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.1.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.2.2p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.7"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.0.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.4"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.7.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.5.8"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.7.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.7"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.6.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.8.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.2.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.3p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.0.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.9"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.4p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.9p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.9.9"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.2.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.9.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.9"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.9.1"
},
{
"model": "openssh",
"scope": "lte",
"trust": 1.0,
"vendor": "openbsd",
"version": "5.6"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.5.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.3p2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.6"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.8"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.0p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.8"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.2.27"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.5.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.0.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.9.9p2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.0"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.5"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.8.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.5.7"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.6.1p2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.6.1p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.0"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.4p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.3p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.7.1p2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.5"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.0p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.9"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.3.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "4.2p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.2.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.5"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.0.2p1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 1.0,
"vendor": "openbsd",
"version": "1.2.3"
},
{
"model": "openssh",
"scope": "lt",
"trust": 0.8,
"vendor": "openbsd",
"version": "5.7"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.6,
"vendor": "openbsd",
"version": "5.6"
},
{
"model": "freeflow print server 93.e0.21c",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "freeflow print server 91.d2.32",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "freeflow print server 82.d1.44",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "freeflow print server 81.d0.73",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "freeflow print server 73.d2.33",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "freeflow print server 73.c5.11",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "system integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x2"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flex system integrated management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2"
},
{
"model": "flex system chassis management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "bladecenter advanced management module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "vplex geosynchrony",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.2.1"
},
{
"model": "vplex geosynchrony sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "5.2"
},
{
"model": "vplex geosynchrony",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "4.0"
},
{
"model": "openssh-server 1:5.5p1-6+squeeze1",
"scope": null,
"trust": 0.3,
"vendor": "debian",
"version": null
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16.2"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7.5.0"
},
{
"model": "idp 5.1r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "vplex geosynchrony",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "5.3"
}
],
"sources": [
{
"db": "BID",
"id": "51702"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0814"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bjoern Buerger",
"sources": [
{
"db": "BID",
"id": "51702"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-0814",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0814",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-399",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-0814",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The Debian openssh-server package is prone to an information-disclosure vulnerability. \nSuccessful exploits will allow attackers to gain access to sensitive information; this may lead to further attacks. \nDebian openssh-server 1:5.5p1-6+squeeze1 is affected; other versions may also be vulnerable. \n \n The default configuration of OpenSSH through 6.1 enforces a fixed\n time limit between establishing a TCP connection and completing a\n login, which makes it easier for remote attackers to cause a denial\n of service (connection-slot exhaustion) by periodically making many\n new TCP connections (CVE-2010-5107). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d4dc59e94c2f0f4ca4ed3d29c05afd9d mes5/i586/openssh-5.1p1-2.3mdvmes5.2.i586.rpm\n 6bb053a5d82451594d433c0059c5f7a7 mes5/i586/openssh-askpass-5.1p1-2.3mdvmes5.2.i586.rpm\n cc26585ed65704d2fa6c0bcb102953c7 mes5/i586/openssh-askpass-common-5.1p1-2.3mdvmes5.2.i586.rpm\n 06ded6e5614c7a188a676550934e98bb mes5/i586/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.i586.rpm\n 860932e1a599ec68a150879b9c9abe52 mes5/i586/openssh-clients-5.1p1-2.3mdvmes5.2.i586.rpm\n fe26afea6473e680a45979a904bb7e3d mes5/i586/openssh-server-5.1p1-2.3mdvmes5.2.i586.rpm \n baa4beb7bfb76b7706166e7870ddd210 mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 1c43725b46c279b7295c16e0fb9f43bf mes5/x86_64/openssh-5.1p1-2.3mdvmes5.2.x86_64.rpm\n d0231e13471148dfed86f75c4f99a2d0 mes5/x86_64/openssh-askpass-5.1p1-2.3mdvmes5.2.x86_64.rpm\n 2c06080b369ab13a9c95df47336aeb13 mes5/x86_64/openssh-askpass-common-5.1p1-2.3mdvmes5.2.x86_64.rpm\n 9fc99fb86e43c00139329787c7b3829d mes5/x86_64/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.x86_64.rpm\n 63621dfc8b9c4bf731711af418ea5c5f mes5/x86_64/openssh-clients-5.1p1-2.3mdvmes5.2.x86_64.rpm\n ea5653a3e6d790ce02f11fbcd722801d mes5/x86_64/openssh-server-5.1p1-2.3mdvmes5.2.x86_64.rpm \n baa4beb7bfb76b7706166e7870ddd210 mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFRQFi+mqjQ0CJFipgRAuIuAJ9D6e15JXI7YDeAIZqQalKdXEmEWwCgjBoe\nquBwSmmMLE/orEkpMzGwKbQ=\n=PJAx\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-016: EMC VPLEX Multiple Vulnerabilities\n\nEMC Identifier: ESA-2014-016 \n\nCVE Identifier: See below for individual CVEs\n\nSeverity Rating: CVSS v2 Base Score: See below for individual CVSS scores\n\nAffected products: \n\nAll versions from VPLEX GeoSynchrony 4.0 through VPLEX GeoSynchrony 5.2.1 are affected\n\nSummary: \n\nEMC VPLEX GeoSynchrony 5.3 contains fixes for multiple vulnerabilities that could potentially be exploited by malicious users. \n\nDetails: \n\n\\x95Multiple Vulnerabilities affecting the VPLEX Web GUI. Please refer to the NVD website (http://web.nvd.nist.gov/) for more details on the below CVEs\n\nPath Traversal vulnerability in VPLEX GUI \\x96 CVE-2014-0632\nCVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) \n\nVPLEX GUI Session Timeout validity vulnerability \\x96 CVE-2014-0633 \nCVSS v2 Base Score: 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C)\n\nMissing HttpOnly attribute vulnerability \\x96 CVE-2014-0634\nCVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)\n\nSession Fixation vulnerability \\x96 CVE-2014-0635\nCVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P)\n\nBEAST Attack \\x96 CVE-2011-3389\nCVSS v2 Base Score: See NVD advisory for the CVSS score. \n\n\\x95Multiple Embedded Component Vulnerabilities\n\nMultiple vulnerabilities in the following embedded components of the SLES Operating System have been fixed:\n\tKernel: CVE-2011-1044, CVE-2011-4110, CVE-2012-2136\n\tperl: CVE-2002-2443\n\tkrb5: CVE-2013-1667\n\tbind packages: CVE-2012-5166\nCVSS v2 Base Score: See NVD advisory for the individual CVSS scores. \n\nRemote Information Disclosure vulnerability in OpenSSH - CVE-2012-0814\nCVSS v2 Base Score: See NVD advisory for the CVSS score. \n\nMultiple vulnerabilities in Oracle Java and Apache Tomcat: This release also contains critical security updates for Oracle Java and Apache Tomcat. Oracle Java has been upgraded to 1.6.0_45 and Apache tomcat has been upgraded to 6.0.36. Please refer the following links for more information:\n\tJava: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html \n\tTomcat: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36 \nCVSS v2 Base Score: See vendor advisory for the individual CVSS scores. \n\nResolution:\n \nEMC recommends all customers to upgrade to VPLEX GeoSynchrony version 5.3 at their earliest opportunity. \n\nLink to remedies:\n\nCustomers can download the software from Support Zone. \n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (Cygwin)\n\niEYEARECAAYFAlMy6mgACgkQtjd2rKp+ALwqbACgmMupmaxQ1GTwg1a1onHdgo4Q\nBxYAn1iAOq12nZ2WudlyECe9hrNp/DEc\n=7q/t\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201405-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSH: Multiple vulnerabilities\n Date: May 11, 2014\n Bugs: #231292, #247466, #386307, #410869, #419357, #456006, #505066\n ID: 201405-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSH, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nBackground\n==========\n\nOpenSSH is a complete SSH protocol implementation that includes an SFTP\nclient and server support. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openssh \u003c 6.6_p1-r1 \u003e= 6.6_p1-r1 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSH. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could execute arbitrary code, cause a Denial of\nService condition, obtain sensitive information, or bypass environment\nrestrictions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openssh-6.6_p1-r1\"\n\nNOTE: One or more of the issues described in this advisory have been\nfixed in previous updates. They are included in this advisory for the\nsake of completeness. It is likely that your system is already no\nlonger affected by them. \n\nReferences\n==========\n\n[ 1 ] CVE-2008-5161\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161\n[ 2 ] CVE-2010-4478\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478\n[ 3 ] CVE-2010-4755\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4755\n[ 4 ] CVE-2010-5107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5107\n[ 5 ] CVE-2011-5000\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5000\n[ 6 ] CVE-2012-0814\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0814\n[ 7 ] CVE-2014-2532\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201405-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "BID",
"id": "51702"
},
{
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"db": "PACKETSTORM",
"id": "120781"
},
{
"db": "PACKETSTORM",
"id": "125919"
},
{
"db": "PACKETSTORM",
"id": "126580"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0814",
"trust": 3.1
},
{
"db": "BID",
"id": "51702",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "78706",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/01/26/15",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/01/27/4",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/01/27/1",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/01/26/16",
"trust": 1.6
},
{
"db": "JUNIPER",
"id": "JSA10673",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2012-0814",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120781",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125919",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126580",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"db": "BID",
"id": "51702"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "PACKETSTORM",
"id": "120781"
},
{
"db": "PACKETSTORM",
"id": "125919"
},
{
"db": "PACKETSTORM",
"id": "126580"
},
{
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"id": "VAR-201201-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33333334
},
"last_update_date": "2023-12-18T11:44:45.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "657445",
"trust": 0.8,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445"
},
{
"title": "auth-options.c",
"trust": 0.8,
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c"
},
{
"title": "auth-options.c.diff",
"trust": 0.8,
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54"
},
{
"title": "CVE-2012-0814 Credentials Management vulnerability in SSH",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0814_credentials_management"
},
{
"title": "Debian CVElist Bug Report Logs: openssh-server: Forced Command handling leaks private information to ssh clients",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=118af0e3124b7ca54e16372b905cb734"
},
{
"title": "EHAPT-Group-Project",
"trust": 0.1,
"url": "https://github.com/amnesthesia/ehapt-group-project "
},
{
"title": "ssh-enum",
"trust": 0.1,
"url": "https://github.com/kaio6fellipe/ssh-enum "
},
{
"title": "pigat",
"trust": 0.1,
"url": "https://github.com/teamssix/pigat "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "NVD",
"id": "CVE-2012-0814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10673"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2012/01/26/15"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2012/01/26/16"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2012/01/27/1"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2012/01/27/4"
},
{
"trust": 1.6,
"url": "http://osvdb.org/78706"
},
{
"trust": 1.6,
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3br2=1.54"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/51702"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72756"
},
{
"trust": 1.0,
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0814"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0814"
},
{
"trust": 0.3,
"url": "http://packages.debian.org/squeeze/openssh-server"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100161262"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0814"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0634"
},
{
"trust": 0.1,
"url": "https://tomcat.apache.org/security-6.html#fixed_in_apache_tomcat_6.0.36"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1667"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-2443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1044"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0635"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4478"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5107"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201405-06.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4478"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4755"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5161"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5000"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4755"
}
],
"sources": [
{
"db": "BID",
"id": "51702"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "PACKETSTORM",
"id": "120781"
},
{
"db": "PACKETSTORM",
"id": "125919"
},
{
"db": "PACKETSTORM",
"id": "126580"
},
{
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"db": "BID",
"id": "51702"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"db": "PACKETSTORM",
"id": "120781"
},
{
"db": "PACKETSTORM",
"id": "125919"
},
{
"db": "PACKETSTORM",
"id": "126580"
},
{
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"date": "2012-01-26T00:00:00",
"db": "BID",
"id": "51702"
},
{
"date": "2012-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"date": "2013-03-13T22:22:00",
"db": "PACKETSTORM",
"id": "120781"
},
{
"date": "2014-03-27T22:22:22",
"db": "PACKETSTORM",
"id": "125919"
},
{
"date": "2014-05-12T18:51:17",
"db": "PACKETSTORM",
"id": "126580"
},
{
"date": "2012-01-27T19:55:01.063000",
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"date": "2012-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0814"
},
{
"date": "2015-05-12T19:46:00",
"db": "BID",
"id": "51702"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001239"
},
{
"date": "2023-11-07T02:10:02.853000",
"db": "NVD",
"id": "CVE-2012-0814"
},
{
"date": "2023-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120781"
},
{
"db": "PACKETSTORM",
"id": "126580"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSH Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-399"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.