Vulnerability-Lookup

CVE-2018-1060 (GCVE-0-2018-1060)

Vulnerability from cvelistv5 – Published: 2018-06-18 14:00 – Updated: 2024-08-05 03:44

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-20

Assigner

redhat

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4306	vendor-advisoryx_refsource_DEBIAN
	http://www.securitytracker.com/id/1042001	vdb-entryx_refsource_SECTRACK
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://bugs.python.org/issue32981	x_refsource_CONFIRM
	https://usn.ubuntu.com/3817-2/	vendor-advisoryx_refsource_UBUNTU
	https://docs.python.org/3.6/whatsnew/changelog.ht…	x_refsource_CONFIRM
	https://docs.python.org/3.5/whatsnew/changelog.ht…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3505	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3041	vendor-advisoryx_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4307	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/3817-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://access.redhat.com/errata/RHBA-2019:0327	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1260	vendor-advisoryx_refsource_REDHAT
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3725	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	python	Affected: python 2.7.15 Affected: python 3.4.9 Affected: python 3.5.6 Affected: python 3.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:12.002Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4306"
          },
          {
            "name": "1042001",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042001"
          },
          {
            "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.python.org/issue32981"
          },
          {
            "name": "USN-3817-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3817-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
          },
          {
            "name": "RHSA-2018:3041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3041"
          },
          {
            "name": "DSA-4307",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4307"
          },
          {
            "name": "USN-3817-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3817-1/"
          },
          {
            "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
          },
          {
            "name": "FEDORA-2019-6e1938a3c5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
          },
          {
            "name": "FEDORA-2019-cf725dd20b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
          },
          {
            "name": "FEDORA-2019-51f1e08207",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
          },
          {
            "name": "RHBA-2019:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0327"
          },
          {
            "name": "RHSA-2019:1260",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
          },
          {
            "name": "RHSA-2019:3725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "openSUSE-SU-2020:0086",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "python 2.7.15"
            },
            {
              "status": "affected",
              "version": "python 3.4.9"
            },
            {
              "status": "affected",
              "version": "python 3.5.6"
            },
            {
              "status": "affected",
              "version": "python 3.7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-03-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T21:06:22.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-4306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4306"
        },
        {
          "name": "1042001",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042001"
        },
        {
          "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.python.org/issue32981"
        },
        {
          "name": "USN-3817-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3817-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
        },
        {
          "name": "RHSA-2018:3041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3041"
        },
        {
          "name": "DSA-4307",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4307"
        },
        {
          "name": "USN-3817-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3817-1/"
        },
        {
          "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
        },
        {
          "name": "FEDORA-2019-6e1938a3c5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
        },
        {
          "name": "FEDORA-2019-cf725dd20b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
        },
        {
          "name": "FEDORA-2019-51f1e08207",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
        },
        {
          "name": "RHBA-2019:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0327"
        },
        {
          "name": "RHSA-2019:1260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
        },
        {
          "name": "RHSA-2019:3725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "openSUSE-SU-2020:0086",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "python",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "python 2.7.15"
                          },
                          {
                            "version_value": "python 3.4.9"
                          },
                          {
                            "version_value": "python 3.5.6"
                          },
                          {
                            "version_value": "python 3.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4306",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4306"
            },
            {
              "name": "1042001",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042001"
            },
            {
              "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
            },
            {
              "name": "https://bugs.python.org/issue32981",
              "refsource": "CONFIRM",
              "url": "https://bugs.python.org/issue32981"
            },
            {
              "name": "USN-3817-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3817-2/"
            },
            {
              "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
              "refsource": "CONFIRM",
              "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
            },
            {
              "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
              "refsource": "CONFIRM",
              "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
            },
            {
              "name": "RHSA-2018:3041",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3041"
            },
            {
              "name": "DSA-4307",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4307"
            },
            {
              "name": "USN-3817-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3817-1/"
            },
            {
              "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
            },
            {
              "name": "FEDORA-2019-6e1938a3c5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
            },
            {
              "name": "FEDORA-2019-cf725dd20b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
            },
            {
              "name": "FEDORA-2019-51f1e08207",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
            },
            {
              "name": "RHBA-2019:0327",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0327"
            },
            {
              "name": "RHSA-2019:1260",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1260"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
            },
            {
              "name": "RHSA-2019:3725",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3725"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "openSUSE-SU-2020:0086",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1060",
    "datePublished": "2018-06-18T14:00:00.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:44:12.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1060

Vulnerability from fstec - Published: 19.07.2018

Title

Уязвимость метода pop3lib apop() интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость метода pop3lib apop() интерпретатора языка программирования Python существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, Fedora Project, ООО «РусБИТех-Астра», Red Hat Inc., Python Software Foundation, Oracle Corp.

Software Name

Ubuntu, Debian GNU/Linux, Fedora, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ansible Tower, Python, Sun ZFS Storage Appliance Kit

Software Version

14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 28 (Fedora), 1.6 «Смоленск» (Astra Linux Special Edition), 29 (Fedora), 12.04 ESM (Ubuntu), Server 7.0 (Red Hat Enterprise Linux), Desktop 7.0 (Red Hat Enterprise Linux), Workstation 7.0 (Red Hat Enterprise Linux), 3.3 (Ansible Tower), 30 (Fedora), 8 (Debian GNU/Linux), до 2.7.15 (Python), от 3.0 до 3.4.9 (Python), от 3.5.0 до 3.5.5 (Python), от 3.6.0 до 3.6.4 (Python), от 3.6.5 до 3.7.0 (Python), 8.8.6 (Sun ZFS Storage Appliance Kit)

Possible Mitigations

Использование рекомендаций: Для Astra Linux: https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734 Для программных продутов Python Software Foundation: https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 Для Debian GNU/Linux: https://www.debian.org/security/2018/dsa-4306 https://www.debian.org/security/2018/dsa-4307 https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html Для программных продутов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/security/cve/cve-2018-1060 Для Ubuntu: https://usn.ubuntu.com/3817-1/ https://usn.ubuntu.com/3817-2/ Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ Для программных продутов Оracle Corp.: https://www.oracle.com/security-alerts/cpujan2020.html

Reference

https://www.cvedetails.com/cve/CVE-2018-1060/?q=CVE-2018-1060 https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734 https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 https://www.debian.org/security/2018/dsa-4306 https://www.debian.org/security/2018/dsa-4307 https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/security/cve/cve-2018-1060 https://usn.ubuntu.com/3817-1/ https://usn.ubuntu.com/3817-2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ https://nvd.nist.gov/vuln/detail/CVE-2018-1060 https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html https://www.oracle.com/security-alerts/cpujan2020.html

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Python Software Foundation, Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 28 (Fedora), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 29 (Fedora), 12.04 ESM (Ubuntu), Server 7.0 (Red Hat Enterprise Linux), Desktop 7.0 (Red Hat Enterprise Linux), Workstation 7.0 (Red Hat Enterprise Linux), 3.3 (Ansible Tower), 30 (Fedora), 8 (Debian GNU/Linux), \u0434\u043e 2.7.15 (Python), \u043e\u0442 3.0 \u0434\u043e 3.4.9 (Python), \u043e\u0442 3.5.0 \u0434\u043e 3.5.5 (Python), \u043e\u0442 3.6.0 \u0434\u043e 3.6.4 (Python), \u043e\u0442 3.6.5 \u0434\u043e 3.7.0 (Python), 8.8.6 (Sun ZFS Storage Appliance Kit)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u0442\u043e\u0432 Python Software Foundation: \nhttps://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2018/dsa-4306\nhttps://www.debian.org/security/2018/dsa-4307\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00031.html\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00030.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2018:3041\nhttps://access.redhat.com/security/cve/cve-2018-1060\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3817-1/\nhttps://usn.ubuntu.com/3817-2/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u0442\u043e\u0432 \u041eracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2020.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.07.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.11.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04237",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1060",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Fedora, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ansible Tower, Python, Sun ZFS Storage Appliance Kit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Fedora Project Fedora 28 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 29 , Canonical Ltd. Ubuntu 12.04 ESM , Red Hat Inc. Red Hat Enterprise Linux Server 7.0 , Red Hat Inc. Red Hat Enterprise Linux Desktop 7.0 , Red Hat Inc. Red Hat Enterprise Linux Workstation 7.0 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 pop3lib apop() \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Python, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 pop3lib apop() \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Python \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cvedetails.com/cve/CVE-2018-1060/?q=CVE-2018-1060\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\nhttps://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1\nhttps://www.debian.org/security/2018/dsa-4306\nhttps://www.debian.org/security/2018/dsa-4307\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00031.html\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00030.html\nhttps://access.redhat.com/errata/RHSA-2018:3041\nhttps://access.redhat.com/security/cve/cve-2018-1060\nhttps://usn.ubuntu.com/3817-1/\nhttps://usn.ubuntu.com/3817-2/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1060\nhttps://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html\nhttps://www.oracle.com/security-alerts/cpujan2020.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

GHSA-7HP6-577H-HCGR

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28

Details

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1060"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-18T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
  "id": "GHSA-7hp6-577h-hcgr",
  "modified": "2022-05-13T01:28:55Z",
  "published": "2022-05-13T01:28:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1060"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4307"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4306"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3817-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3817-1"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
    },
    {
      "type": "WEB",
      "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
    },
    {
      "type": "WEB",
      "url": "https://bugs.python.org/issue32981"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3725"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1260"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3505"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3041"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11176 du 22 mars 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    },
    {
      "name": "CVE-2017-13082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
    },
    {
      "name": "CVE-2017-13088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
    },
    {
      "name": "CVE-2017-13086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
    },
    {
      "name": "CVE-2017-13087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2007-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
    },
    {
      "name": "CVE-2008-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
    },
    {
      "name": "CVE-2013-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2013-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
    },
    {
      "name": "CVE-2014-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2015-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
    },
    {
      "name": "CVE-2015-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
    },
    {
      "name": "CVE-2015-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
    },
    {
      "name": "CVE-2015-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2014-8991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
    },
    {
      "name": "CVE-2014-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
    },
    {
      "name": "CVE-2014-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
    },
    {
      "name": "CVE-2015-6838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
    },
    {
      "name": "CVE-2015-6837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2015-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2016-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
    },
    {
      "name": "CVE-2016-5636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-6463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
    },
    {
      "name": "CVE-2017-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
    },
    {
      "name": "CVE-2017-6464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
    },
    {
      "name": "CVE-2017-14492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
    },
    {
      "name": "CVE-2017-14496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2017-14493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
    },
    {
      "name": "CVE-2017-14494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
    },
    {
      "name": "CVE-2017-14495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
    },
    {
      "name": "CVE-2017-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2017-15412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2017-17807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2018-1000007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
    },
    {
      "name": "CVE-2018-1000121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
    },
    {
      "name": "CVE-2018-5407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
    },
    {
      "name": "CVE-2018-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
    },
    {
      "name": "CVE-2018-7858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
    },
    {
      "name": "CVE-2018-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
    },
    {
      "name": "CVE-2018-10897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
    },
    {
      "name": "CVE-2018-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
    },
    {
      "name": "CVE-2018-5683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
    },
    {
      "name": "CVE-2017-13672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
    },
    {
      "name": "CVE-2018-11212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
    },
    {
      "name": "CVE-2017-18267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
    },
    {
      "name": "CVE-2018-13988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-6133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
    },
    {
      "name": "CVE-2018-18311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2019-10132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
    },
    {
      "name": "CVE-2019-11190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
    },
    {
      "name": "CVE-2019-11884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
    },
    {
      "name": "CVE-2019-11487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
    },
    {
      "name": "CVE-2019-12382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
    },
    {
      "name": "CVE-2018-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
    },
    {
      "name": "CVE-2019-5953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
    },
    {
      "name": "CVE-2019-12614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2018-1060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
    },
    {
      "name": "CVE-2018-12327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
    },
    {
      "name": "CVE-2018-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
    },
    {
      "name": "CVE-2019-10639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
    },
    {
      "name": "CVE-2019-10638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
    },
    {
      "name": "CVE-2018-20836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
    },
    {
      "name": "CVE-2019-13233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
    },
    {
      "name": "CVE-2019-14283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
    },
    {
      "name": "CVE-2019-13648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
    },
    {
      "name": "CVE-2019-10207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
    },
    {
      "name": "CVE-2015-9289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
    },
    {
      "name": "CVE-2019-14816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
    },
    {
      "name": "CVE-2019-15239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
    },
    {
      "name": "CVE-2019-15917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
    },
    {
      "name": "CVE-2017-18551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
    },
    {
      "name": "CVE-2019-15217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
    },
    {
      "name": "CVE-2019-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
    },
    {
      "name": "CVE-2019-11068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
    },
    {
      "name": "CVE-2018-18066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2019-17666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
    },
    {
      "name": "CVE-2019-17133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
    },
    {
      "name": "CVE-2018-12207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
    },
    {
      "name": "CVE-2019-17055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
    },
    {
      "name": "CVE-2019-17053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2019-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
    },
    {
      "name": "CVE-2019-16233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
    },
    {
      "name": "CVE-2019-15807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
    },
    {
      "name": "CVE-2019-16231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-19058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
    },
    {
      "name": "CVE-2019-14895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
    },
    {
      "name": "CVE-2019-19046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
    },
    {
      "name": "CVE-2019-15916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
    },
    {
      "name": "CVE-2019-18660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
    },
    {
      "name": "CVE-2019-19063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
    },
    {
      "name": "CVE-2019-19062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
    },
    {
      "name": "CVE-2018-14526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
    },
    {
      "name": "CVE-2019-13734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
    },
    {
      "name": "CVE-2019-19530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
    },
    {
      "name": "CVE-2019-19534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
    },
    {
      "name": "CVE-2019-19524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
    },
    {
      "name": "CVE-2019-14901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
    },
    {
      "name": "CVE-2019-19537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
    },
    {
      "name": "CVE-2019-19523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
    },
    {
      "name": "CVE-2019-19338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
    },
    {
      "name": "CVE-2019-19332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
    },
    {
      "name": "CVE-2019-19527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
    },
    {
      "name": "CVE-2019-18808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
    },
    {
      "name": "CVE-2019-19767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
    },
    {
      "name": "CVE-2019-19807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
    },
    {
      "name": "CVE-2019-19055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-19447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
    },
    {
      "name": "CVE-2019-20095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
    },
    {
      "name": "CVE-2019-20054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2019-14898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
    },
    {
      "name": "CVE-2019-16994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
    },
    {
      "name": "CVE-2019-18282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
    },
    {
      "name": "CVE-2020-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
    },
    {
      "name": "CVE-2019-19059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
    },
    {
      "name": "CVE-2019-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
    },
    {
      "name": "CVE-2020-9383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
    },
    {
      "name": "CVE-2020-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
    },
    {
      "name": "CVE-2020-8649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
    },
    {
      "name": "CVE-2020-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
    },
    {
      "name": "CVE-2019-9458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
    },
    {
      "name": "CVE-2020-10942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
    },
    {
      "name": "CVE-2019-9454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
    },
    {
      "name": "CVE-2020-11565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
    },
    {
      "name": "CVE-2020-10690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
    },
    {
      "name": "CVE-2020-10751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
    },
    {
      "name": "CVE-2020-12826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
    },
    {
      "name": "CVE-2020-12654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
    },
    {
      "name": "CVE-2020-10732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
    },
    {
      "name": "CVE-2019-20636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
    },
    {
      "name": "CVE-2019-20811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
    },
    {
      "name": "CVE-2020-12653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
    },
    {
      "name": "CVE-2020-10757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
    },
    {
      "name": "CVE-2020-12770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
    },
    {
      "name": "CVE-2020-12888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
    },
    {
      "name": "CVE-2020-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
    },
    {
      "name": "CVE-2018-16881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
    },
    {
      "name": "CVE-2018-19519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
    },
    {
      "name": "CVE-2020-10769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
    },
    {
      "name": "CVE-2020-14364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2020-24394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
    },
    {
      "name": "CVE-2020-25212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
    },
    {
      "name": "CVE-2020-14305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
    },
    {
      "name": "CVE-2020-10742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2020-25643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
    },
    {
      "name": "CVE-2020-15999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
    },
    {
      "name": "CVE-2018-20843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
    },
    {
      "name": "CVE-2018-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
    },
    {
      "name": "CVE-2018-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
    },
    {
      "name": "CVE-2020-13817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
    },
    {
      "name": "CVE-2020-11868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2019-13232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
    },
    {
      "name": "CVE-2020-10531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
    },
    {
      "name": "CVE-2019-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2019-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2019-12450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
    },
    {
      "name": "CVE-2020-12825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
    },
    {
      "name": "CVE-2020-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
    },
    {
      "name": "CVE-2019-14866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
    },
    {
      "name": "CVE-2020-1983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
    },
    {
      "name": "CVE-2019-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
    },
    {
      "name": "CVE-2019-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
    },
    {
      "name": "CVE-2020-10754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
    },
    {
      "name": "CVE-2020-12049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
    },
    {
      "name": "CVE-2019-14822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
    },
    {
      "name": "CVE-2020-14363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
    },
    {
      "name": "CVE-2019-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
    },
    {
      "name": "CVE-2018-18751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
    },
    {
      "name": "CVE-2019-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
    },
    {
      "name": "CVE-2019-20386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
    },
    {
      "name": "CVE-2017-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
    },
    {
      "name": "CVE-2014-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
    },
    {
      "name": "CVE-2018-16403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
    },
    {
      "name": "CVE-2018-15746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
    },
    {
      "name": "CVE-2014-6272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
    },
    {
      "name": "CVE-2019-7638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
    },
    {
      "name": "CVE-2015-8241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
    },
    {
      "name": "CVE-2019-10155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
    },
    {
      "name": "CVE-2018-11813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
    },
    {
      "name": "CVE-2018-18310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
    },
    {
      "name": "CVE-2018-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
    },
    {
      "name": "CVE-2020-12662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
    },
    {
      "name": "CVE-2012-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
    },
    {
      "name": "CVE-2017-0902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
    },
    {
      "name": "CVE-2018-8945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
    },
    {
      "name": "CVE-2017-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
    },
    {
      "name": "CVE-2010-2239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
    },
    {
      "name": "CVE-2010-2242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
    },
    {
      "name": "CVE-2017-14167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
    },
    {
      "name": "CVE-2015-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2013-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
    },
    {
      "name": "CVE-2018-1000075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
    },
    {
      "name": "CVE-2018-15857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
    },
    {
      "name": "CVE-2018-16062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
    },
    {
      "name": "CVE-2018-10534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
    },
    {
      "name": "CVE-2014-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
    },
    {
      "name": "CVE-2018-18384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
    },
    {
      "name": "CVE-2013-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
    },
    {
      "name": "CVE-2016-6580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
    },
    {
      "name": "CVE-2018-12697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
    },
    {
      "name": "CVE-2018-1000301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2019-12155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
    },
    {
      "name": "CVE-2017-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
    },
    {
      "name": "CVE-2014-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
    },
    {
      "name": "CVE-2017-1000050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
    },
    {
      "name": "CVE-2018-10535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
    },
    {
      "name": "CVE-2019-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
    },
    {
      "name": "CVE-2018-16402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
    },
    {
      "name": "CVE-2018-1116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
    },
    {
      "name": "CVE-2018-15853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
    },
    {
      "name": "CVE-2019-14378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
    },
    {
      "name": "CVE-2016-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
    },
    {
      "name": "CVE-2019-12312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
    },
    {
      "name": "CVE-2013-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
    },
    {
      "name": "CVE-2019-16935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
    },
    {
      "name": "CVE-2015-6525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
    },
    {
      "name": "CVE-2016-6581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
    },
    {
      "name": "CVE-2013-4520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
    },
    {
      "name": "CVE-2014-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
    },
    {
      "name": "CVE-2014-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
    },
    {
      "name": "CVE-2015-9381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
    },
    {
      "name": "CVE-2016-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
    },
    {
      "name": "CVE-2018-14598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
    },
    {
      "name": "CVE-2014-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
    },
    {
      "name": "CVE-2018-20852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
    },
    {
      "name": "CVE-2012-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
    },
    {
      "name": "CVE-2018-7208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
    },
    {
      "name": "CVE-2018-12910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
    },
    {
      "name": "CVE-2019-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
    },
    {
      "name": "CVE-2015-7497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
    },
    {
      "name": "CVE-2019-7665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
    },
    {
      "name": "CVE-2018-15854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
    },
    {
      "name": "CVE-2019-13404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
    },
    {
      "name": "CVE-2015-5160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
    },
    {
      "name": "CVE-2018-10767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
    },
    {
      "name": "CVE-2018-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
    },
    {
      "name": "CVE-2016-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
    },
    {
      "name": "CVE-2018-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
    },
    {
      "name": "CVE-2018-18521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
    },
    {
      "name": "CVE-2018-19788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
    },
    {
      "name": "CVE-2019-8322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
    },
    {
      "name": "CVE-2019-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
    },
    {
      "name": "CVE-2016-9189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2018-14647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2019-14906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
    },
    {
      "name": "CVE-2018-1000073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
    },
    {
      "name": "CVE-2019-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
    },
    {
      "name": "CVE-2017-1000158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
    },
    {
      "name": "CVE-2019-7635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
    },
    {
      "name": "CVE-2019-7576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
    },
    {
      "name": "CVE-2019-14834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
    },
    {
      "name": "CVE-2018-15855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
    },
    {
      "name": "CVE-2019-7149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
    },
    {
      "name": "CVE-2018-7642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
    },
    {
      "name": "CVE-2019-5010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
    },
    {
      "name": "CVE-2018-12641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
    },
    {
      "name": "CVE-2021-3396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2017-15268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
    },
    {
      "name": "CVE-2018-15587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
    },
    {
      "name": "CVE-2016-10746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
    },
    {
      "name": "CVE-2017-13711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
    },
    {
      "name": "CVE-2014-8131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
    },
    {
      "name": "CVE-2014-9601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
    },
    {
      "name": "CVE-2014-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
    },
    {
      "name": "CVE-2018-10373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
    },
    {
      "name": "CVE-2017-17790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
    },
    {
      "name": "CVE-2011-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
    },
    {
      "name": "CVE-2018-1000802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
    },
    {
      "name": "CVE-2017-7555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
    },
    {
      "name": "CVE-2016-9015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
    },
    {
      "name": "CVE-2017-13720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
    },
    {
      "name": "CVE-2018-11782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
    },
    {
      "name": "CVE-2017-11671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
    },
    {
      "name": "CVE-2017-10664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
    },
    {
      "name": "CVE-2018-11213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
    },
    {
      "name": "CVE-2013-6457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
    },
    {
      "name": "CVE-2019-10138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
    },
    {
      "name": "CVE-2019-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
    },
    {
      "name": "CVE-2020-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
    },
    {
      "name": "CVE-2017-11368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
    },
    {
      "name": "CVE-2018-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
    },
    {
      "name": "CVE-2019-20485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
    },
    {
      "name": "CVE-2003-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
    },
    {
      "name": "CVE-2017-15289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
    },
    {
      "name": "CVE-2016-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
    },
    {
      "name": "CVE-2017-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
    },
    {
      "name": "CVE-2018-15864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
    },
    {
      "name": "CVE-2017-18207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
    },
    {
      "name": "CVE-2019-12761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
    },
    {
      "name": "CVE-2013-5651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
    },
    {
      "name": "CVE-2017-17522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
    },
    {
      "name": "CVE-2019-20382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
    },
    {
      "name": "CVE-2016-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
    },
    {
      "name": "CVE-2019-14287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
    },
    {
      "name": "CVE-2018-18520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2019-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
    },
    {
      "name": "CVE-2015-5652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
    },
    {
      "name": "CVE-2019-7572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
    },
    {
      "name": "CVE-2017-6519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
    },
    {
      "name": "CVE-2018-10906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
    },
    {
      "name": "CVE-2018-15863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
    },
    {
      "name": "CVE-2018-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
    },
    {
      "name": "CVE-2018-1000079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
    },
    {
      "name": "CVE-2019-7664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
    },
    {
      "name": "CVE-2017-5992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
    },
    {
      "name": "CVE-2019-16865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
    },
    {
      "name": "CVE-2019-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
    },
    {
      "name": "CVE-2018-1000076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
    },
    {
      "name": "CVE-2018-1000030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
    },
    {
      "name": "CVE-2018-1000074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
    },
    {
      "name": "CVE-2017-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
    },
    {
      "name": "CVE-2018-7568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
    },
    {
      "name": "CVE-2016-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
    },
    {
      "name": "CVE-2018-15688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
    },
    {
      "name": "CVE-2018-14599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
    },
    {
      "name": "CVE-2018-10733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
    },
    {
      "name": "CVE-2016-9396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
    },
    {
      "name": "CVE-2019-10160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
    },
    {
      "name": "CVE-2017-7562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
    },
    {
      "name": "CVE-2016-1000032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
    },
    {
      "name": "CVE-2017-15124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
    },
    {
      "name": "CVE-2018-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
    },
    {
      "name": "CVE-2013-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
    },
    {
      "name": "CVE-2019-7636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
    },
    {
      "name": "CVE-2014-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
    },
    {
      "name": "CVE-2018-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
    },
    {
      "name": "CVE-2017-0903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
    },
    {
      "name": "CVE-2018-15856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
    },
    {
      "name": "CVE-2018-1000078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
    },
    {
      "name": "CVE-2019-7573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
    },
    {
      "name": "CVE-2018-1000077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
    },
    {
      "name": "CVE-2010-2237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
    },
    {
      "name": "CVE-2018-1000876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
    },
    {
      "name": "CVE-2018-14348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
    },
    {
      "name": "CVE-2019-3890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
    },
    {
      "name": "CVE-2015-7498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
    },
    {
      "name": "CVE-2019-7577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
    },
    {
      "name": "CVE-2016-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
    },
    {
      "name": "CVE-2018-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
    },
    {
      "name": "CVE-2013-4297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
    },
    {
      "name": "CVE-2010-2238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
    },
    {
      "name": "CVE-2018-14600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
    },
    {
      "name": "CVE-2017-13090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
    },
    {
      "name": "CVE-2013-7336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
    },
    {
      "name": "CVE-2018-10372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
    },
    {
      "name": "CVE-2019-7637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
    },
    {
      "name": "CVE-2018-11806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
    },
    {
      "name": "CVE-2018-7643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
    },
    {
      "name": "CVE-2015-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
    },
    {
      "name": "CVE-2018-1000117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
    },
    {
      "name": "CVE-2014-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
    },
    {
      "name": "CVE-2013-2230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
    },
    {
      "name": "CVE-2018-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
    },
    {
      "name": "CVE-2014-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
    },
    {
      "name": "CVE-2019-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
    },
    {
      "name": "CVE-2020-12663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
    },
    {
      "name": "CVE-2018-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
    },
    {
      "name": "CVE-2017-16611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
    },
    {
      "name": "CVE-2014-7823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
    },
    {
      "name": "CVE-2020-10703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
    },
    {
      "name": "CVE-2018-7569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
    },
    {
      "name": "CVE-2013-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2015-9382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
    },
    {
      "name": "CVE-2017-18190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
    },
    {
      "name": "CVE-2016-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
    },
    {
      "name": "CVE-2018-13033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
    },
    {
      "name": "CVE-2016-9190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
    },
    {
      "name": "CVE-2019-7574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
    },
    {
      "name": "CVE-2016-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
    },
    {
      "name": "CVE-2016-5699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
    },
    {
      "name": "CVE-2011-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
    },
    {
      "name": "CVE-2020-5208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
    },
    {
      "name": "CVE-2019-6778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
    },
    {
      "name": "CVE-2020-10772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
    },
    {
      "name": "CVE-2020-25637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
    },
    {
      "name": "CVE-2018-10360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
    },
    {
      "name": "CVE-2018-15859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
    },
    {
      "name": "CVE-2017-13089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
    },
    {
      "name": "CVE-2019-12779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
    },
    {
      "name": "CVE-2019-1010238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
    },
    {
      "name": "CVE-2019-6690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
    },
    {
      "name": "CVE-2015-8317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
    },
    {
      "name": "CVE-2018-4181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
    },
    {
      "name": "CVE-2019-8323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
    },
    {
      "name": "CVE-2016-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
    },
    {
      "name": "CVE-2018-14498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
    },
    {
      "name": "CVE-2018-15861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
    },
    {
      "name": "CVE-2019-7150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2016-5008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
    },
    {
      "name": "CVE-2014-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-267",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2019-AVI-325

Vulnerability from certfr_avis - Published: 2019-07-11 - Updated: 2019-07-11

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.2R1
Juniper Networks	Secure Analytics	Juniper Secure Analytics (JSA) versions antérieures à 7.3.2 Patch 1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur séries EX4300
Juniper Networks	N/A	Junos OS avec J-Web activé versions antérieures à 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10938 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10946 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10942 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10949 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10943 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10951 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10950 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10948 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10947 du 10 juillet 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.2R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics (JSA) versions ant\u00e9rieures \u00e0 7.3.2 Patch 1",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur s\u00e9ries EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-8615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
    },
    {
      "name": "CVE-2019-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0049"
    },
    {
      "name": "CVE-2018-1060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
    },
    {
      "name": "CVE-2016-8619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
    },
    {
      "name": "CVE-2018-15505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15505"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2019-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0048"
    },
    {
      "name": "CVE-2016-8624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
    },
    {
      "name": "CVE-2016-8616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
    },
    {
      "name": "CVE-2016-8620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
    },
    {
      "name": "CVE-2016-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
    },
    {
      "name": "CVE-2019-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0053"
    },
    {
      "name": "CVE-2016-8618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
    },
    {
      "name": "CVE-2019-5739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5739"
    },
    {
      "name": "CVE-2019-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0052"
    },
    {
      "name": "CVE-2016-8623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
    },
    {
      "name": "CVE-2019-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0046"
    },
    {
      "name": "CVE-2018-12327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
    },
    {
      "name": "CVE-2018-11237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
    },
    {
      "name": "CVE-2016-8621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
    },
    {
      "name": "CVE-2018-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2018-15504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15504"
    },
    {
      "name": "CVE-2016-8622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
    },
    {
      "name": "CVE-2019-6133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
    },
    {
      "name": "CVE-2016-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
    },
    {
      "name": "CVE-2018-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1729"
    }
  ],
  "initial_release_date": "2019-07-11T00:00:00",
  "last_revision_date": "2019-07-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-325",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10938 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10938\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10946 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10946\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10942 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10942\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10949 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10949\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10943 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10943\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10951 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10951\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10950 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10950\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10948 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10948\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10947 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10947\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

FKIE_CVE-2018-1060

Vulnerability from fkie_nvd - Published: 2018-06-18 14:29 - Updated: 2024-11-21 03:59

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securitytracker.com/id/1042001	Third Party Advisory, VDB Entry
secalert@redhat.com	https://access.redhat.com/errata/RHBA-2019:0327	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:3041	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:3505	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2019:1260	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2019:3725	Third Party Advisory
secalert@redhat.com	https://bugs.python.org/issue32981	Exploit, Issue Tracking, Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1	Product, Vendor Advisory
secalert@redhat.com	https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1	Product, Vendor Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
secalert@redhat.com	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us	Third Party Advisory
secalert@redhat.com	https://usn.ubuntu.com/3817-1/	Third Party Advisory
secalert@redhat.com	https://usn.ubuntu.com/3817-2/	Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2018/dsa-4306	Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2018/dsa-4307	Third Party Advisory
secalert@redhat.com	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1042001	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHBA-2019:0327	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3041	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3505	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1260	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3725	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.python.org/issue32981	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1	Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1	Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3817-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3817-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4306	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4307	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory

Impacted products

Vendor	Product	Version
python	python	*
python	python	*
python	python	*
python	python	*
fedoraproject	fedora	28
fedoraproject	fedora	29
fedoraproject	fedora	30
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
redhat	ansible_tower	3.3
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6ABED2-9492-42E0-80A7-AB77C2900E9A",
              "versionEndExcluding": "2.7.15",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B200545-58B6-436A-B88D-E05D0192AA35",
              "versionEndExcluding": "3.4.9",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1AAA7FB-F42F-480D-9549-EF8543876AFA",
              "versionEndExcluding": "3.5.6",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B62C9538-B369-4D74-9383-D9EE87E1D46F",
              "versionEndExcluding": "3.6.5",
              "versionStartExcluding": "3.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5319543-0143-4E2E-AA77-B7F116C1336C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
    },
    {
      "lang": "es",
      "value": "Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastr\u00f3fico en el m\u00e9todo apop () de pop3lib. Un atacante podr\u00eda usar este fallo para causar la denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2018-1060",
  "lastModified": "2024-11-21T03:59:05.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-18T14:29:00.213",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042001"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3041"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3505"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1260"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3725"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.python.org/issue32981"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3817-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3817-2/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4306"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4307"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.python.org/issue32981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3817-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3817-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-1060

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Aliases

CVE-2018-1060

Aliases

CVE-2018-1060

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1060",
    "description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
    "id": "GSD-2018-1060",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-1060.html",
      "https://www.debian.org/security/2018/dsa-4307",
      "https://www.debian.org/security/2018/dsa-4306",
      "https://access.redhat.com/errata/RHSA-2020:1346",
      "https://access.redhat.com/errata/RHSA-2020:1268",
      "https://access.redhat.com/errata/RHSA-2019:3725",
      "https://access.redhat.com/errata/RHSA-2019:1260",
      "https://access.redhat.com/errata/RHSA-2018:3041",
      "https://ubuntu.com/security/CVE-2018-1060",
      "https://advisories.mageia.org/CVE-2018-1060.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-1060.html",
      "https://linux.oracle.com/cve/CVE-2018-1060.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1060"
      ],
      "details": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
      "id": "GSD-2018-1060",
      "modified": "2023-12-13T01:22:37.680114Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2018-1060",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "python",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "python 2.7.15"
                        },
                        {
                          "version_value": "python 3.4.9"
                        },
                        {
                          "version_value": "python 3.5.6"
                        },
                        {
                          "version_value": "python 3.7.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "[UNKNOWN]"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
          }
        ]
      },
      "impact": {
        "cvss": [
          [
            {
              "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.0"
            }
          ]
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-4306",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4306"
          },
          {
            "name": "1042001",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1042001"
          },
          {
            "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
          },
          {
            "name": "https://bugs.python.org/issue32981",
            "refsource": "CONFIRM",
            "url": "https://bugs.python.org/issue32981"
          },
          {
            "name": "USN-3817-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3817-2/"
          },
          {
            "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
            "refsource": "CONFIRM",
            "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
          },
          {
            "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
            "refsource": "CONFIRM",
            "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
          },
          {
            "name": "RHSA-2018:3505",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
          },
          {
            "name": "RHSA-2018:3041",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3041"
          },
          {
            "name": "DSA-4307",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4307"
          },
          {
            "name": "USN-3817-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3817-1/"
          },
          {
            "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
          },
          {
            "name": "FEDORA-2019-6e1938a3c5",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
          },
          {
            "name": "FEDORA-2019-cf725dd20b",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
          },
          {
            "name": "FEDORA-2019-51f1e08207",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
          },
          {
            "name": "RHBA-2019:0327",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHBA-2019:0327"
          },
          {
            "name": "RHSA-2019:1260",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:1260"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
          },
          {
            "name": "RHSA-2019:3725",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3725"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "openSUSE-SU-2020:0086",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.15",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.6",
                "versionStartIncluding": "3.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.9",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6.5",
                "versionStartExcluding": "3.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1060"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
            },
            {
              "name": "https://bugs.python.org/issue32981",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.python.org/issue32981"
            },
            {
              "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
              "refsource": "CONFIRM",
              "tags": [
                "Product",
                "Vendor Advisory"
              ],
              "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
            },
            {
              "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
              "refsource": "CONFIRM",
              "tags": [
                "Product",
                "Vendor Advisory"
              ],
              "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
            },
            {
              "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
            },
            {
              "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
            },
            {
              "name": "DSA-4306",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4306"
            },
            {
              "name": "DSA-4307",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4307"
            },
            {
              "name": "RHSA-2018:3041",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3041"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "USN-3817-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3817-1/"
            },
            {
              "name": "1042001",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1042001"
            },
            {
              "name": "USN-3817-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3817-2/"
            },
            {
              "name": "FEDORA-2019-6e1938a3c5",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
            },
            {
              "name": "FEDORA-2019-cf725dd20b",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
            },
            {
              "name": "FEDORA-2019-51f1e08207",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
            },
            {
              "name": "RHBA-2019:0327",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:0327"
            },
            {
              "name": "RHSA-2019:1260",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1260"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
            },
            {
              "name": "RHSA-2019:3725",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3725"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "openSUSE-SU-2020:0086",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-28T11:31Z",
      "publishedDate": "2018-06-18T14:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1060 (GCVE-0-2018-1060)

CVE-2018-1060

GHSA-7HP6-577H-HCGR

CERTFR-2022-AVI-267

Solution

CERTFR-2019-AVI-325

Solution

FKIE_CVE-2018-1060

GSD-2018-1060

Tags

Sightings

Nomenclature