Vulnerability-Lookup

CVE-2018-16395 (GCVE-0-2018-16395)

Vulnerability from cvelistv5 – Published: 2018-11-16 18:00 – Updated: 2024-08-05 10:24

Summary

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.ruby-lang.org/en/news/2018/10/17/open…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3738	vendor-advisoryx_refsource_REDHAT
	https://www.ruby-lang.org/en/news/2018/11/06/ruby…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3729	vendor-advisoryx_refsource_REDHAT
	https://hackerone.com/reports/387250	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:3730	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3731	vendor-advisoryx_refsource_REDHAT
	https://www.ruby-lang.org/en/news/2018/10/17/ruby…	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4332	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/3808-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.ruby-lang.org/en/news/2018/10/17/ruby…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019022…	x_refsource_CONFIRM
	https://www.ruby-lang.org/en/news/2018/10/17/ruby…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	http://www.securitytracker.com/id/1042105	vdb-entryx_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:1948	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2565	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:32.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
          },
          {
            "name": "RHSA-2018:3738",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3738"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
          },
          {
            "name": "RHSA-2018:3729",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3729"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/387250"
          },
          {
            "name": "RHSA-2018:3730",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3730"
          },
          {
            "name": "RHSA-2018:3731",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3731"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
          },
          {
            "name": "DSA-4332",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4332"
          },
          {
            "name": "USN-3808-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3808-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
          },
          {
            "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
          },
          {
            "name": "1042105",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042105"
          },
          {
            "name": "openSUSE-SU-2019:1771",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
          },
          {
            "name": "RHSA-2019:1948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1948"
          },
          {
            "name": "RHSA-2019:2565",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2565"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T19:15:22.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
        },
        {
          "name": "RHSA-2018:3738",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3738"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
        },
        {
          "name": "RHSA-2018:3729",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3729"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/387250"
        },
        {
          "name": "RHSA-2018:3730",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3730"
        },
        {
          "name": "RHSA-2018:3731",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3731"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
        },
        {
          "name": "DSA-4332",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4332"
        },
        {
          "name": "USN-3808-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3808-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
        },
        {
          "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
        },
        {
          "name": "1042105",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042105"
        },
        {
          "name": "openSUSE-SU-2019:1771",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
        },
        {
          "name": "RHSA-2019:1948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1948"
        },
        {
          "name": "RHSA-2019:2565",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2565"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
            },
            {
              "name": "RHSA-2018:3738",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3738"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
            },
            {
              "name": "RHSA-2018:3729",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3729"
            },
            {
              "name": "https://hackerone.com/reports/387250",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/387250"
            },
            {
              "name": "RHSA-2018:3730",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3730"
            },
            {
              "name": "RHSA-2018:3731",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3731"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
            },
            {
              "name": "DSA-4332",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4332"
            },
            {
              "name": "USN-3808-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3808-1/"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
            },
            {
              "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
            },
            {
              "name": "1042105",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042105"
            },
            {
              "name": "openSUSE-SU-2019:1771",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
            },
            {
              "name": "RHSA-2019:1948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1948"
            },
            {
              "name": "RHSA-2019:2565",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2565"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16395",
    "datePublished": "2018-11-16T18:00:00.000Z",
    "dateReserved": "2018-09-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:24:32.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2018-16395

Vulnerability from fkie_nvd - Published: 2018-11-16 18:29 - Updated: 2024-11-21 03:52

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securitytracker.com/id/1042105	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:3729	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:3730	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:3731	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:3738	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:1948	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:2565
cve@mitre.org	https://hackerone.com/reports/387250	Patch, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190221-0002/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3808-1/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2018/dsa-4332	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2020.html
cve@mitre.org	https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/	Mitigation, Vendor Advisory
cve@mitre.org	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/	Release Notes, Vendor Advisory
cve@mitre.org	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/	Release Notes, Vendor Advisory
cve@mitre.org	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/	Release Notes, Vendor Advisory
cve@mitre.org	https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1042105	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3729	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3730	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3731	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3738	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1948	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2565
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/387250	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190221-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3808-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4332	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html
af854a3a-2127-422b-91ae-364da2661108	https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
ruby-lang	openssl	*
ruby-lang	ruby	*
ruby-lang	ruby	*
ruby-lang	ruby	*
ruby-lang	ruby	2.6.0
ruby-lang	ruby	2.6.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux	7.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "DDD3EC39-B375-4B68-963F-08418673D321",
              "versionEndExcluding": "2.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F4CB899-0054-44BB-A3BD-FB225CC663DB",
              "versionEndIncluding": "2.3.7",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A07531E-A788-41ED-8C5D-AAB2F532EA7A",
              "versionEndIncluding": "2.4.4",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C32AF6-57D9-4F85-857B-4EFC425D9145",
              "versionEndIncluding": "2.5.1",
              "versionStartIncluding": "2.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "49B6EEAA-B52E-42B9-A6C2-D65D7C81A0EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. Cuando dos objetos OpenSSL::X509::Name se comparan mediante ==, dependiendo del orden, los objetos que no son iguales podr\u00edan devolver \"true\". Cuando el primer argumento tiene un car\u00e1cter m\u00e1s que el segundo, o el segundo argumento contiene un car\u00e1cter que tiene uno menos que el car\u00e1cter en la misma posici\u00f3n que el primer argumento, el resultado de == ser\u00e1 \"true\". Esto podr\u00eda aprovecharse para crear un certificado ileg\u00edtimo que podr\u00eda ser aceptado como leg\u00edtimo y despu\u00e9s emplearse en operaciones de firma o cifrado."
    }
  ],
  "id": "CVE-2018-16395",
  "lastModified": "2024-11-21T03:52:40.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-16T18:29:00.943",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3729"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3730"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3738"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1948"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:2565"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/387250"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3808-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4332"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/387250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3808-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-16395

Vulnerability from fstec - Published: 17.10.2018

Title

Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить подделку сертификата X509

Description

Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby связана с ошибками обработки данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществить подделку сертификата X509

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения, Novell Inc., Ruby Team, Oracle Corp., АО «НТЦ ИТ РОСА»

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, SUSE Linux Enterprise Module for Open Buildservice Development Tools, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, Ruby, Oracle Communications Interactive Session Recorder, ROSA Virtualization (запись в едином реестре российских программ №5091), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)

Software Version

14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 7.6 EUS (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), от 2.3.0 до 2.3.7 включительно (Ruby), от 2.4.0 до 2.4.4 включительно (Ruby), от 2.5.0 до 2.5.1 включительно (Ruby), от 2.6.0 до 2.6.0-preview2 включительно (Ruby), 6.0 (Oracle Communications Interactive Session Recorder), 6.1 (Oracle Communications Interactive Session Recorder), 6.2 (Oracle Communications Interactive Session Recorder), 6.3 (Oracle Communications Interactive Session Recorder), 2.1 (ROSA Virtualization), 3.0 (ROSA Virtualization 3.0)

Possible Mitigations

Использование рекомендаций: Для Ruby: https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/ https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/ Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html Для Ubuntu: https://usn.ubuntu.com/3808-1/ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-16395/ Для программных продуктов Oracle Corp.: https://www.oracle.com/security-alerts/cpujan2020.html Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2904 Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2903

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3738 https://access.redhat.com/errata/RHSA-2019:1948 https://access.redhat.com/errata/RHSA-2019:2565 https://hackerone.com/reports/387250 https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html https://security.netapp.com/advisory/ntap-20190221-0002/ https://usn.ubuntu.com/3808-1/ https://www.debian.org/security/2018/dsa-4332 https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/ https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/ https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/ https://www.suse.com/security/cve/CVE-2018-16395/ https://www.oracle.com/security-alerts/cpujan2020.html https://abf.rosa.ru/advisories/ROSA-SA-2025-2904 https://abf.rosa.ru/advisories/ROSA-SA-2025-2903

CWE

CWE-19

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Ruby Team, Oracle Corp., \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 7.6 EUS (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), \u043e\u0442 2.3.0 \u0434\u043e 2.3.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.4.0 \u0434\u043e 2.4.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.5.0 \u0434\u043e 2.5.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), \u043e\u0442 2.6.0 \u0434\u043e 2.6.0-preview2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Ruby), 6.0 (Oracle Communications Interactive Session Recorder), 6.1 (Oracle Communications Interactive Session Recorder), 6.2 (Oracle Communications Interactive Session Recorder), 6.3 (Oracle Communications Interactive Session Recorder), 2.1 (ROSA Virtualization), 3.0 (ROSA Virtualization 3.0)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Ruby:\n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\n\n\n\n\u0414\u043b\u044f Debian\u00a0GNU/Linux:\n\nhttps://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\n\n\n\n\u0414\u043b\u044f Ubuntu:\n\nhttps://usn.ubuntu.com/3808-1/\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\n\nhttps://www.suse.com/security/cve/CVE-2018-16395/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2020.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2904\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2903",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.09.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-03218",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-16395",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, SUSE Linux Enterprise Module for Open Buildservice Development Tools, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, Ruby, Oracle Communications Interactive Session Recorder, ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Red Hat Inc. Red Hat Enterprise Linux 7.4 EUS , Red Hat Inc. Red Hat Enterprise Linux 7.5 EUS , Red Hat Inc. Red Hat Enterprise Linux 7.6 EUS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 OpenSSL::X509::Name \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL\u00a0\u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0443 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 X509",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-19)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 OpenSSL::X509::Name \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL\u00a0\u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0443 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 X509",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\n\nhttps://access.redhat.com/errata/RHSA-2018:3729 \n\nhttps://access.redhat.com/errata/RHSA-2018:3730 \n\nhttps://access.redhat.com/errata/RHSA-2018:3731 \n\nhttps://access.redhat.com/errata/RHSA-2018:3738 \n\nhttps://access.redhat.com/errata/RHSA-2019:1948 \n\nhttps://access.redhat.com/errata/RHSA-2019:2565 \n\nhttps://hackerone.com/reports/387250 \n\nhttps://lists.debian.org/debian-lts-announce/2018/10/msg00020.html \n\nhttps://security.netapp.com/advisory/ntap-20190221-0002/ \n\nhttps://usn.ubuntu.com/3808-1/ \n\nhttps://www.debian.org/security/2018/dsa-4332 \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/\n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/ \n\nhttps://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/\n\nhttps://www.suse.com/security/cve/CVE-2018-16395/\nhttps://www.oracle.com/security-alerts/cpujan2020.html\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2904\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2903",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-19",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11176 du 22 mars 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    },
    {
      "name": "CVE-2017-13082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
    },
    {
      "name": "CVE-2017-13088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
    },
    {
      "name": "CVE-2017-13086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
    },
    {
      "name": "CVE-2017-13087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2007-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
    },
    {
      "name": "CVE-2008-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
    },
    {
      "name": "CVE-2013-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2013-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
    },
    {
      "name": "CVE-2014-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2015-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
    },
    {
      "name": "CVE-2015-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
    },
    {
      "name": "CVE-2015-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
    },
    {
      "name": "CVE-2015-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2014-8991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
    },
    {
      "name": "CVE-2014-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
    },
    {
      "name": "CVE-2014-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
    },
    {
      "name": "CVE-2015-6838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
    },
    {
      "name": "CVE-2015-6837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2015-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2016-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
    },
    {
      "name": "CVE-2016-5636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-6463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
    },
    {
      "name": "CVE-2017-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
    },
    {
      "name": "CVE-2017-6464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
    },
    {
      "name": "CVE-2017-14492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
    },
    {
      "name": "CVE-2017-14496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2017-14493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
    },
    {
      "name": "CVE-2017-14494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
    },
    {
      "name": "CVE-2017-14495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
    },
    {
      "name": "CVE-2017-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2017-15412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2017-17807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2018-1000007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
    },
    {
      "name": "CVE-2018-1000121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
    },
    {
      "name": "CVE-2018-5407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
    },
    {
      "name": "CVE-2018-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
    },
    {
      "name": "CVE-2018-7858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
    },
    {
      "name": "CVE-2018-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
    },
    {
      "name": "CVE-2018-10897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
    },
    {
      "name": "CVE-2018-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
    },
    {
      "name": "CVE-2018-5683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
    },
    {
      "name": "CVE-2017-13672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
    },
    {
      "name": "CVE-2018-11212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
    },
    {
      "name": "CVE-2017-18267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
    },
    {
      "name": "CVE-2018-13988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-6133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
    },
    {
      "name": "CVE-2018-18311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2019-10132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
    },
    {
      "name": "CVE-2019-11190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
    },
    {
      "name": "CVE-2019-11884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
    },
    {
      "name": "CVE-2019-11487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
    },
    {
      "name": "CVE-2019-12382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
    },
    {
      "name": "CVE-2018-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
    },
    {
      "name": "CVE-2019-5953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
    },
    {
      "name": "CVE-2019-12614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2018-1060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
    },
    {
      "name": "CVE-2018-12327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
    },
    {
      "name": "CVE-2018-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
    },
    {
      "name": "CVE-2019-10639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
    },
    {
      "name": "CVE-2019-10638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
    },
    {
      "name": "CVE-2018-20836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
    },
    {
      "name": "CVE-2019-13233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
    },
    {
      "name": "CVE-2019-14283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
    },
    {
      "name": "CVE-2019-13648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
    },
    {
      "name": "CVE-2019-10207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
    },
    {
      "name": "CVE-2015-9289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
    },
    {
      "name": "CVE-2019-14816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
    },
    {
      "name": "CVE-2019-15239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
    },
    {
      "name": "CVE-2019-15917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
    },
    {
      "name": "CVE-2017-18551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
    },
    {
      "name": "CVE-2019-15217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
    },
    {
      "name": "CVE-2019-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
    },
    {
      "name": "CVE-2019-11068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
    },
    {
      "name": "CVE-2018-18066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2019-17666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
    },
    {
      "name": "CVE-2019-17133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
    },
    {
      "name": "CVE-2018-12207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
    },
    {
      "name": "CVE-2019-17055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
    },
    {
      "name": "CVE-2019-17053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2019-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
    },
    {
      "name": "CVE-2019-16233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
    },
    {
      "name": "CVE-2019-15807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
    },
    {
      "name": "CVE-2019-16231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-19058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
    },
    {
      "name": "CVE-2019-14895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
    },
    {
      "name": "CVE-2019-19046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
    },
    {
      "name": "CVE-2019-15916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
    },
    {
      "name": "CVE-2019-18660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
    },
    {
      "name": "CVE-2019-19063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
    },
    {
      "name": "CVE-2019-19062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
    },
    {
      "name": "CVE-2018-14526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
    },
    {
      "name": "CVE-2019-13734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
    },
    {
      "name": "CVE-2019-19530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
    },
    {
      "name": "CVE-2019-19534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
    },
    {
      "name": "CVE-2019-19524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
    },
    {
      "name": "CVE-2019-14901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
    },
    {
      "name": "CVE-2019-19537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
    },
    {
      "name": "CVE-2019-19523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
    },
    {
      "name": "CVE-2019-19338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
    },
    {
      "name": "CVE-2019-19332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
    },
    {
      "name": "CVE-2019-19527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
    },
    {
      "name": "CVE-2019-18808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
    },
    {
      "name": "CVE-2019-19767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
    },
    {
      "name": "CVE-2019-19807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
    },
    {
      "name": "CVE-2019-19055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-19447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
    },
    {
      "name": "CVE-2019-20095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
    },
    {
      "name": "CVE-2019-20054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2019-14898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
    },
    {
      "name": "CVE-2019-16994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
    },
    {
      "name": "CVE-2019-18282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
    },
    {
      "name": "CVE-2020-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
    },
    {
      "name": "CVE-2019-19059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
    },
    {
      "name": "CVE-2019-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
    },
    {
      "name": "CVE-2020-9383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
    },
    {
      "name": "CVE-2020-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
    },
    {
      "name": "CVE-2020-8649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
    },
    {
      "name": "CVE-2020-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
    },
    {
      "name": "CVE-2019-9458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
    },
    {
      "name": "CVE-2020-10942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
    },
    {
      "name": "CVE-2019-9454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
    },
    {
      "name": "CVE-2020-11565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
    },
    {
      "name": "CVE-2020-10690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
    },
    {
      "name": "CVE-2020-10751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
    },
    {
      "name": "CVE-2020-12826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
    },
    {
      "name": "CVE-2020-12654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
    },
    {
      "name": "CVE-2020-10732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
    },
    {
      "name": "CVE-2019-20636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
    },
    {
      "name": "CVE-2019-20811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
    },
    {
      "name": "CVE-2020-12653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
    },
    {
      "name": "CVE-2020-10757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
    },
    {
      "name": "CVE-2020-12770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
    },
    {
      "name": "CVE-2020-12888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
    },
    {
      "name": "CVE-2020-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
    },
    {
      "name": "CVE-2018-16881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
    },
    {
      "name": "CVE-2018-19519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
    },
    {
      "name": "CVE-2020-10769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
    },
    {
      "name": "CVE-2020-14364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2020-24394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
    },
    {
      "name": "CVE-2020-25212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
    },
    {
      "name": "CVE-2020-14305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
    },
    {
      "name": "CVE-2020-10742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2020-25643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
    },
    {
      "name": "CVE-2020-15999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
    },
    {
      "name": "CVE-2018-20843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
    },
    {
      "name": "CVE-2018-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
    },
    {
      "name": "CVE-2018-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
    },
    {
      "name": "CVE-2020-13817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
    },
    {
      "name": "CVE-2020-11868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2019-13232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
    },
    {
      "name": "CVE-2020-10531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
    },
    {
      "name": "CVE-2019-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2019-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2019-12450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
    },
    {
      "name": "CVE-2020-12825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
    },
    {
      "name": "CVE-2020-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
    },
    {
      "name": "CVE-2019-14866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
    },
    {
      "name": "CVE-2020-1983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
    },
    {
      "name": "CVE-2019-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
    },
    {
      "name": "CVE-2019-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
    },
    {
      "name": "CVE-2020-10754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
    },
    {
      "name": "CVE-2020-12049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
    },
    {
      "name": "CVE-2019-14822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
    },
    {
      "name": "CVE-2020-14363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
    },
    {
      "name": "CVE-2019-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
    },
    {
      "name": "CVE-2018-18751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
    },
    {
      "name": "CVE-2019-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
    },
    {
      "name": "CVE-2019-20386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
    },
    {
      "name": "CVE-2017-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
    },
    {
      "name": "CVE-2014-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
    },
    {
      "name": "CVE-2018-16403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
    },
    {
      "name": "CVE-2018-15746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
    },
    {
      "name": "CVE-2014-6272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
    },
    {
      "name": "CVE-2019-7638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
    },
    {
      "name": "CVE-2015-8241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
    },
    {
      "name": "CVE-2019-10155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
    },
    {
      "name": "CVE-2018-11813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
    },
    {
      "name": "CVE-2018-18310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
    },
    {
      "name": "CVE-2018-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
    },
    {
      "name": "CVE-2020-12662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
    },
    {
      "name": "CVE-2012-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
    },
    {
      "name": "CVE-2017-0902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
    },
    {
      "name": "CVE-2018-8945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
    },
    {
      "name": "CVE-2017-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
    },
    {
      "name": "CVE-2010-2239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
    },
    {
      "name": "CVE-2010-2242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
    },
    {
      "name": "CVE-2017-14167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
    },
    {
      "name": "CVE-2015-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2013-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
    },
    {
      "name": "CVE-2018-1000075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
    },
    {
      "name": "CVE-2018-15857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
    },
    {
      "name": "CVE-2018-16062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
    },
    {
      "name": "CVE-2018-10534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
    },
    {
      "name": "CVE-2014-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
    },
    {
      "name": "CVE-2018-18384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
    },
    {
      "name": "CVE-2013-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
    },
    {
      "name": "CVE-2016-6580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
    },
    {
      "name": "CVE-2018-12697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
    },
    {
      "name": "CVE-2018-1000301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2019-12155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
    },
    {
      "name": "CVE-2017-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
    },
    {
      "name": "CVE-2014-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
    },
    {
      "name": "CVE-2017-1000050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
    },
    {
      "name": "CVE-2018-10535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
    },
    {
      "name": "CVE-2019-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
    },
    {
      "name": "CVE-2018-16402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
    },
    {
      "name": "CVE-2018-1116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
    },
    {
      "name": "CVE-2018-15853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
    },
    {
      "name": "CVE-2019-14378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
    },
    {
      "name": "CVE-2016-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
    },
    {
      "name": "CVE-2019-12312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
    },
    {
      "name": "CVE-2013-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
    },
    {
      "name": "CVE-2019-16935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
    },
    {
      "name": "CVE-2015-6525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
    },
    {
      "name": "CVE-2016-6581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
    },
    {
      "name": "CVE-2013-4520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
    },
    {
      "name": "CVE-2014-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
    },
    {
      "name": "CVE-2014-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
    },
    {
      "name": "CVE-2015-9381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
    },
    {
      "name": "CVE-2016-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
    },
    {
      "name": "CVE-2018-14598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
    },
    {
      "name": "CVE-2014-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
    },
    {
      "name": "CVE-2018-20852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
    },
    {
      "name": "CVE-2012-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
    },
    {
      "name": "CVE-2018-7208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
    },
    {
      "name": "CVE-2018-12910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
    },
    {
      "name": "CVE-2019-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
    },
    {
      "name": "CVE-2015-7497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
    },
    {
      "name": "CVE-2019-7665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
    },
    {
      "name": "CVE-2018-15854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
    },
    {
      "name": "CVE-2019-13404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
    },
    {
      "name": "CVE-2015-5160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
    },
    {
      "name": "CVE-2018-10767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
    },
    {
      "name": "CVE-2018-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
    },
    {
      "name": "CVE-2016-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
    },
    {
      "name": "CVE-2018-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
    },
    {
      "name": "CVE-2018-18521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
    },
    {
      "name": "CVE-2018-19788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
    },
    {
      "name": "CVE-2019-8322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
    },
    {
      "name": "CVE-2019-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
    },
    {
      "name": "CVE-2016-9189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2018-14647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2019-14906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
    },
    {
      "name": "CVE-2018-1000073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
    },
    {
      "name": "CVE-2019-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
    },
    {
      "name": "CVE-2017-1000158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
    },
    {
      "name": "CVE-2019-7635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
    },
    {
      "name": "CVE-2019-7576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
    },
    {
      "name": "CVE-2019-14834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
    },
    {
      "name": "CVE-2018-15855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
    },
    {
      "name": "CVE-2019-7149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
    },
    {
      "name": "CVE-2018-7642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
    },
    {
      "name": "CVE-2019-5010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
    },
    {
      "name": "CVE-2018-12641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
    },
    {
      "name": "CVE-2021-3396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2017-15268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
    },
    {
      "name": "CVE-2018-15587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
    },
    {
      "name": "CVE-2016-10746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
    },
    {
      "name": "CVE-2017-13711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
    },
    {
      "name": "CVE-2014-8131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
    },
    {
      "name": "CVE-2014-9601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
    },
    {
      "name": "CVE-2014-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
    },
    {
      "name": "CVE-2018-10373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
    },
    {
      "name": "CVE-2017-17790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
    },
    {
      "name": "CVE-2011-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
    },
    {
      "name": "CVE-2018-1000802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
    },
    {
      "name": "CVE-2017-7555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
    },
    {
      "name": "CVE-2016-9015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
    },
    {
      "name": "CVE-2017-13720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
    },
    {
      "name": "CVE-2018-11782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
    },
    {
      "name": "CVE-2017-11671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
    },
    {
      "name": "CVE-2017-10664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
    },
    {
      "name": "CVE-2018-11213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
    },
    {
      "name": "CVE-2013-6457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
    },
    {
      "name": "CVE-2019-10138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
    },
    {
      "name": "CVE-2019-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
    },
    {
      "name": "CVE-2020-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
    },
    {
      "name": "CVE-2017-11368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
    },
    {
      "name": "CVE-2018-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
    },
    {
      "name": "CVE-2019-20485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
    },
    {
      "name": "CVE-2003-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
    },
    {
      "name": "CVE-2017-15289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
    },
    {
      "name": "CVE-2016-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
    },
    {
      "name": "CVE-2017-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
    },
    {
      "name": "CVE-2018-15864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
    },
    {
      "name": "CVE-2017-18207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
    },
    {
      "name": "CVE-2019-12761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
    },
    {
      "name": "CVE-2013-5651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
    },
    {
      "name": "CVE-2017-17522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
    },
    {
      "name": "CVE-2019-20382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
    },
    {
      "name": "CVE-2016-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
    },
    {
      "name": "CVE-2019-14287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
    },
    {
      "name": "CVE-2018-18520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2019-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
    },
    {
      "name": "CVE-2015-5652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
    },
    {
      "name": "CVE-2019-7572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
    },
    {
      "name": "CVE-2017-6519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
    },
    {
      "name": "CVE-2018-10906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
    },
    {
      "name": "CVE-2018-15863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
    },
    {
      "name": "CVE-2018-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
    },
    {
      "name": "CVE-2018-1000079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
    },
    {
      "name": "CVE-2019-7664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
    },
    {
      "name": "CVE-2017-5992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
    },
    {
      "name": "CVE-2019-16865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
    },
    {
      "name": "CVE-2019-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
    },
    {
      "name": "CVE-2018-1000076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
    },
    {
      "name": "CVE-2018-1000030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
    },
    {
      "name": "CVE-2018-1000074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
    },
    {
      "name": "CVE-2017-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
    },
    {
      "name": "CVE-2018-7568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
    },
    {
      "name": "CVE-2016-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
    },
    {
      "name": "CVE-2018-15688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
    },
    {
      "name": "CVE-2018-14599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
    },
    {
      "name": "CVE-2018-10733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
    },
    {
      "name": "CVE-2016-9396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
    },
    {
      "name": "CVE-2019-10160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
    },
    {
      "name": "CVE-2017-7562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
    },
    {
      "name": "CVE-2016-1000032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
    },
    {
      "name": "CVE-2017-15124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
    },
    {
      "name": "CVE-2018-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
    },
    {
      "name": "CVE-2013-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
    },
    {
      "name": "CVE-2019-7636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
    },
    {
      "name": "CVE-2014-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
    },
    {
      "name": "CVE-2018-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
    },
    {
      "name": "CVE-2017-0903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
    },
    {
      "name": "CVE-2018-15856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
    },
    {
      "name": "CVE-2018-1000078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
    },
    {
      "name": "CVE-2019-7573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
    },
    {
      "name": "CVE-2018-1000077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
    },
    {
      "name": "CVE-2010-2237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
    },
    {
      "name": "CVE-2018-1000876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
    },
    {
      "name": "CVE-2018-14348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
    },
    {
      "name": "CVE-2019-3890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
    },
    {
      "name": "CVE-2015-7498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
    },
    {
      "name": "CVE-2019-7577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
    },
    {
      "name": "CVE-2016-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
    },
    {
      "name": "CVE-2018-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
    },
    {
      "name": "CVE-2013-4297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
    },
    {
      "name": "CVE-2010-2238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
    },
    {
      "name": "CVE-2018-14600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
    },
    {
      "name": "CVE-2017-13090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
    },
    {
      "name": "CVE-2013-7336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
    },
    {
      "name": "CVE-2018-10372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
    },
    {
      "name": "CVE-2019-7637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
    },
    {
      "name": "CVE-2018-11806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
    },
    {
      "name": "CVE-2018-7643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
    },
    {
      "name": "CVE-2015-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
    },
    {
      "name": "CVE-2018-1000117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
    },
    {
      "name": "CVE-2014-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
    },
    {
      "name": "CVE-2013-2230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
    },
    {
      "name": "CVE-2018-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
    },
    {
      "name": "CVE-2014-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
    },
    {
      "name": "CVE-2019-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
    },
    {
      "name": "CVE-2020-12663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
    },
    {
      "name": "CVE-2018-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
    },
    {
      "name": "CVE-2017-16611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
    },
    {
      "name": "CVE-2014-7823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
    },
    {
      "name": "CVE-2020-10703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
    },
    {
      "name": "CVE-2018-7569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
    },
    {
      "name": "CVE-2013-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2015-9382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
    },
    {
      "name": "CVE-2017-18190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
    },
    {
      "name": "CVE-2016-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
    },
    {
      "name": "CVE-2018-13033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
    },
    {
      "name": "CVE-2016-9190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
    },
    {
      "name": "CVE-2019-7574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
    },
    {
      "name": "CVE-2016-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
    },
    {
      "name": "CVE-2016-5699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
    },
    {
      "name": "CVE-2011-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
    },
    {
      "name": "CVE-2020-5208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
    },
    {
      "name": "CVE-2019-6778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
    },
    {
      "name": "CVE-2020-10772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
    },
    {
      "name": "CVE-2020-25637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
    },
    {
      "name": "CVE-2018-10360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
    },
    {
      "name": "CVE-2018-15859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
    },
    {
      "name": "CVE-2017-13089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
    },
    {
      "name": "CVE-2019-12779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
    },
    {
      "name": "CVE-2019-1010238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
    },
    {
      "name": "CVE-2019-6690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
    },
    {
      "name": "CVE-2015-8317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
    },
    {
      "name": "CVE-2018-4181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
    },
    {
      "name": "CVE-2019-8323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
    },
    {
      "name": "CVE-2016-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
    },
    {
      "name": "CVE-2018-14498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
    },
    {
      "name": "CVE-2018-15861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
    },
    {
      "name": "CVE-2019-7150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2016-5008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
    },
    {
      "name": "CVE-2014-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-267",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2018-AVI-589

Vulnerability from certfr_avis - Published: 2018-12-10 - Updated: 2018-12-11

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2
IBM	N/A	IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1
IBM	N/A	VRA - Vyatta 5600
IBM	WebSphere	IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2
IBM	QRadar	IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1
IBM	N/A	IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3
IBM	N/A	IBM Social Program Management Design System versions antérieures à 1.4.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4
IBM	N/A	IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20
IBM	N/A	IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.1.0
IBM	N/A	IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17
IBM	QRadar	IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6
IBM	N/A	IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10
IBM	N/A	IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17
IBM	N/A	IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11
IBM	WebSphere	WebSphere Application Server versions antérieures à 9.0.0.10
IBM	N/A	IBM Voice Gateway versions antérieures à 1.0.0.7a
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10732880 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739019 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744291 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744157 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739035 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744557 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739985 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740799 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10743847 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10736137 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10742369 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739027 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744247 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744553 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740789 du 07 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VRA - Vyatta 5600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
    },
    {
      "name": "CVE-2018-10873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
    },
    {
      "name": "CVE-2018-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
    },
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-15594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
    },
    {
      "name": "CVE-2018-16151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
    },
    {
      "name": "CVE-2018-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-1671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
    },
    {
      "name": "CVE-2018-2973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
    },
    {
      "name": "CVE-2018-16842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
    },
    {
      "name": "CVE-2018-17182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
    },
    {
      "name": "CVE-2018-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-14609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-14618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2018-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2018-16839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-14678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
    },
    {
      "name": "CVE-2018-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-16152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    },
    {
      "name": "CVE-2018-14734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2018-1957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
    },
    {
      "name": "CVE-2018-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2018-8013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-16276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
    }
  ],
  "initial_release_date": "2018-12-10T00:00:00",
  "last_revision_date": "2018-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-589",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-10T00:00:00.000000"
    },
    {
      "description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
      "revision_date": "2018-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
    }
  ]
}

GHSA-MMRQ-6999-72V8

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2023-07-24 20:06

Summary

Ruby Openssl Allows Incorrect Value Comparison

Details

An issue was discovered in the OpenSSL library in Ruby when two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "openssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "openssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-16395"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-09T22:57:50Z",
    "nvd_published_at": "2018-11-16T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the OpenSSL library in Ruby when two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
  "id": "GHSA-mmrq-6999-72v8",
  "modified": "2023-07-24T20:06:51Z",
  "published": "2022-05-13T01:50:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16395"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/387250"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4332"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3808-1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190221-0002"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2565"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1948"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3738"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3731"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3730"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3729"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ruby Openssl Allows Incorrect Value Comparison"
}

GSD-2018-16395

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16395

Aliases

CVE-2018-16395

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16395",
    "description": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
    "id": "GSD-2018-16395",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-16395.html",
      "https://www.debian.org/security/2018/dsa-4332",
      "https://access.redhat.com/errata/RHSA-2019:2565",
      "https://access.redhat.com/errata/RHSA-2019:1948",
      "https://access.redhat.com/errata/RHSA-2018:3738",
      "https://access.redhat.com/errata/RHSA-2018:3731",
      "https://access.redhat.com/errata/RHSA-2018:3730",
      "https://access.redhat.com/errata/RHSA-2018:3729",
      "https://ubuntu.com/security/CVE-2018-16395",
      "https://advisories.mageia.org/CVE-2018-16395.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-16395.html",
      "https://linux.oracle.com/cve/CVE-2018-16395.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16395"
      ],
      "details": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
      "id": "GSD-2018-16395",
      "modified": "2023-12-13T01:22:25.972742Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-16395",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
            "refsource": "CONFIRM",
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
          },
          {
            "name": "RHSA-2018:3738",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3738"
          },
          {
            "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
            "refsource": "CONFIRM",
            "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
          },
          {
            "name": "RHSA-2018:3729",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3729"
          },
          {
            "name": "https://hackerone.com/reports/387250",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/387250"
          },
          {
            "name": "RHSA-2018:3730",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3730"
          },
          {
            "name": "RHSA-2018:3731",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3731"
          },
          {
            "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
            "refsource": "CONFIRM",
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
          },
          {
            "name": "DSA-4332",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4332"
          },
          {
            "name": "USN-3808-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3808-1/"
          },
          {
            "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
            "refsource": "CONFIRM",
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
          },
          {
            "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
            "refsource": "CONFIRM",
            "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
          },
          {
            "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
          },
          {
            "name": "1042105",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1042105"
          },
          {
            "name": "openSUSE-SU-2019:1771",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
          },
          {
            "name": "RHSA-2019:1948",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:1948"
          },
          {
            "name": "RHSA-2019:2565",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2565"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.1.2",
          "affected_versions": "All versions before 2.1.2",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2019-10-03",
          "description": "When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
          "fixed_versions": [
            "2.1.2"
          ],
          "identifier": "CVE-2018-16395",
          "identifiers": [
            "CVE-2018-16395"
          ],
          "not_impacted": "All versions starting from 2.1.2",
          "package_slug": "gem/openssl",
          "pubdate": "2018-11-16",
          "solution": "Upgrade to version 2.1.2 or above.",
          "title": "Improper Certificate Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-16395",
            "http://www.securitytracker.com/id/1042105",
            "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
            "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
            "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
            "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
            "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
          ],
          "uuid": "6324326c-f460-4083-814a-01a9644bef53"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.7",
                "versionStartIncluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.4",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.1",
                "versionStartIncluding": "2.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16395"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
            },
            {
              "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
            },
            {
              "name": "https://hackerone.com/reports/387250",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://hackerone.com/reports/387250"
            },
            {
              "name": "DSA-4332",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4332"
            },
            {
              "name": "USN-3808-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3808-1/"
            },
            {
              "name": "1042105",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1042105"
            },
            {
              "name": "RHSA-2018:3738",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3738"
            },
            {
              "name": "RHSA-2018:3731",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3731"
            },
            {
              "name": "RHSA-2018:3730",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3730"
            },
            {
              "name": "RHSA-2018:3729",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3729"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
            },
            {
              "name": "openSUSE-SU-2019:1771",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
            },
            {
              "name": "RHSA-2019:1948",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1948"
            },
            {
              "name": "RHSA-2019:2565",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:2565"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-11-16T18:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16395 (GCVE-0-2018-16395)

FKIE_CVE-2018-16395

CVE-2018-16395

CERTFR-2022-AVI-267

Solution

CERTFR-2018-AVI-589

Solution

GHSA-MMRQ-6999-72V8

GSD-2018-16395

Tags

Sightings

Nomenclature