Vulnerability-Lookup

CVE-2018-10498 (GCVE-0-2018-10498)

Vulnerability from cvelistv5 – Published: 2018-09-24 23:00 – Updated: 2024-08-05 07:39

Summary

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.

Severity ?

No CVSS data available.

CWE

CWE-37 - Path Traversal: '/absolute/pathname/here'

Assigner

zdi

References

URL

Tags

https://zerodayinitiative.com/advisories/ZDI-18-557

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Samsung	Samsung Email	Affected: Fixed in version 5.0.02.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:07.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Email",
          "vendor": "Samsung",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in version 5.0.02.16"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-37",
              "description": "CWE-37-Path Traversal: \u0027/absolute/pathname/here\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-24T22:57:01.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2018-10498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Email",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in version 5.0.02.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-37-Path Traversal: \u0027/absolute/pathname/here\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zerodayinitiative.com/advisories/ZDI-18-557",
              "refsource": "MISC",
              "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2018-10498",
    "datePublished": "2018-09-24T23:00:00.000Z",
    "dateReserved": "2018-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:07.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2018-10498

Vulnerability from fkie_nvd - Published: 2018-09-24 23:29 - Updated: 2024-11-21 03:41

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	zdi-disclosures@trendmicro.com	https://zerodayinitiative.com/advisories/ZDI-18-557	Third Party Advisory, VDB Entry
	af854a3a-2127-422b-91ae-364da2661108	https://zerodayinitiative.com/advisories/ZDI-18-557	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	samsung	samsung_email	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samsung:samsung_email:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09AADD23-8A93-4993-BB2B-E9FEBA620B3E",
              "versionEndExcluding": "5.0.02.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad permite que los atacantes locales divulguen informaci\u00f3n sensible en instalaciones vulnerables de Samsung Email, solucionado en la versi\u00f3n 5.0.02.16. En primer lugar, un atacante debe obtener la capacidad de ejecutar c\u00f3digo de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. Este error en concreto existe en el manejo de URI file:///. El problema deriva de la falta de validaci\u00f3n correcta de datos proporcionados por el usuario, lo que puede permitir la lectura de archivos arbitrarios. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad y otras para escalar privilegios. Anteriormente era ZDI-CAN-5329."
    }
  ],
  "id": "CVE-2018-10498",
  "lastModified": "2024-11-21T03:41:26.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-24T23:29:00.570",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-37"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-17428

Vulnerability from cnvd - Published: 2018-09-03

Title

Samsung Email信息泄露漏洞

Description

Samsung Email是韩国三星（Samsung）公司的一款用于收发和管理电子邮件的应用程序。 Samsung Email中file:/// URIs的处理存在信息泄露漏洞，该漏洞源于程序为未能正确的验证用户提交的数据。本地攻击者可通过获取低权限代码的执行权限利用该漏洞读取任意文件。

Severity

中

Patch Name

Samsung Email信息泄露漏洞的补丁

Patch Description

Samsung Email是韩国三星（Samsung）公司的一款用于收发和管理电子邮件的应用程序。 Samsung Email中file:/// URIs的处理存在信息泄露漏洞，该漏洞源于程序未能正确的验证用户提交的数据。本地攻击者可通过获取低权限代码的执行权限利用该漏洞读取任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.samsung.com/

Reference

https://www.zerodayinitiative.com/advisories/ZDI-18-557/

Impacted products

Name
Samsung Email

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10498"
    }
  },
  "description": "Samsung Email\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u6536\u53d1\u548c\u7ba1\u7406\u7535\u5b50\u90ae\u4ef6\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSamsung Email\u4e2dfile:/// URIs\u7684\u5904\u7406\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4e3a\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u83b7\u53d6\u4f4e\u6743\u9650\u4ee3\u7801\u7684\u6267\u884c\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Tencent Keen Security Lab",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.samsung.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17428",
  "openTime": "2018-09-03",
  "patchDescription": "Samsung Email\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u6536\u53d1\u548c\u7ba1\u7406\u7535\u5b50\u90ae\u4ef6\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSamsung Email\u4e2dfile:/// URIs\u7684\u5904\u7406\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u83b7\u53d6\u4f4e\u6743\u9650\u4ee3\u7801\u7684\u6267\u884c\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samsung Email\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Samsung Email"
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-18-557/",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-31",
  "title": "Samsung Email\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-7XHX-MX9V-4RPC

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-24T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.",
  "id": "GHSA-7xhx-mx9v-4rpc",
  "modified": "2022-05-13T01:35:02Z",
  "published": "2022-05-13T01:35:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10498"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-10498

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-10498

Aliases

CVE-2018-10498

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10498",
    "description": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.",
    "id": "GSD-2018-10498"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10498"
      ],
      "details": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.",
      "id": "GSD-2018-10498",
      "modified": "2023-12-13T01:22:41.106282Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "zdi-disclosures@trendmicro.com",
        "ID": "CVE-2018-10498",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Samsung Email",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fixed in version 5.0.02.16"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Samsung"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-37-Path Traversal: \u0027/absolute/pathname/here\u0027"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://zerodayinitiative.com/advisories/ZDI-18-557",
            "refsource": "MISC",
            "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:samsung:samsung_email:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.02.16",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2018-10498"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zerodayinitiative.com/advisories/ZDI-18-557",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://zerodayinitiative.com/advisories/ZDI-18-557"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:32Z",
      "publishedDate": "2018-09-24T23:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10498 (GCVE-0-2018-10498)

FKIE_CVE-2018-10498

CNVD-2018-17428

GHSA-7XHX-MX9V-4RPC

GSD-2018-10498

Tags

Sightings

Nomenclature