Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

10 vulnerabilities found for hdx by polycom

VAR-201501-0737

Vulnerability from variot - Updated: 2026-03-09 21:40

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.". This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". eglibc The package contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. GNU glibc is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC

configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. These issues were addressed by using patches affecting OS X from upstream. This was addressed by disabling synthetic clicks for keychain access windows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

OS X El Capitan 10.11 is now available and addresses the following:

Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science

AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher

apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl)

Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187

Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam

Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore

EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare

Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple

Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China

ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922

Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple

Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai

IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive

IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco

IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro

IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple

Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team

libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple

Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher

lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com

Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners

Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd

Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher

Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532

OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618

remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson

removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855

Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple

Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH

Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive

SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive

SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science

Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher

tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB

Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265.

OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- . Independently operating for three generations, WAGO is the global leader of spring pressure electrical interconnect and automation solutions. For more than 60 years, WAGO has developed and produced innovative products for packaging, transportation, process, industrial and building automation markets amongst others. Aside from its innovations in spring pressure connection technology, WAGO has introduced numerous innovations that have revolutionized industry. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. The validity of the password hashes and the embedded keys were also verified by emulating the device. The outdated version was found by IoT Inspector. The outdated version was found by IoT Inspector.

3) Hardcoded Credentials (CVE-2019-12550) The device contains hardcoded users and passwords which can be used to login via SSH and Telnet.

4) Embedded Private Keys (CVE-2019-12549) The device contains hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches to the embedded private key. A file with the name "\ectest\n\e]55;test.txt\a" was created to trigger the vulnerability.

3) Hardcoded Credentials (CVE-2019-12550) The following credentials were found in the 'passwd' file of the firmware: root No password is set for the account [EMPTY PASSWORD] admin

By using these credentials, it's possible to connect via Telnet and SSH on the emulated device. Example for Telnet:

[root@localhost ~]# telnet 192.168.0.133 Trying 192.168.0.133... Connected to 192.168.0.133. Escape character is '^]'.

L2SWITCH login: root Password: ~ #

Example for SSH:

[root@localhost ~]# ssh 192.168.0.133 root@192.168.0.133's password: ~ #

4) Embedded Private Keys (CVE-2019-12549) The following host key fingerprint is shown by accessing the SSH daemon on the emulated device:

[root@localhost ~]# ssh 192.168.0.133 The authenticity of host '192.168.0.133 (192.168.0.133)' can't be established. RSA key fingerprint is SHA256:X5Vr0/x0/j62N/aqZmHz96ojwl8x/I8mfzuT8o6uZso. RSA key fingerprint is MD5:2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2.

This matches the embedded private key (which has been removed from this advisory): SSH Fingerprint: 2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2

Vulnerable / tested versions:

According to the vendor, the following versions are affected: * 852-303: <v1.2.2.S0 * 852-1305: <v1.1.6.S0 * 852-1505: <v1.1.5.S0

Vendor contact timeline:

2019-03-12: Contacting VDE CERT through info@cert.vde.com, received confirmation 2019-03-26: Asking for a status update, VDE CERT is still waiting for details 2019-03-28: VDE CERT requests information from WAGO again 2019-04-09: Asking for a status update 2019-04-11: VDE CERT: patched firmware release planned for end of May, requested postponement of advisory release 2019-04-16: VDE CERT: update regarding affected firmware versions 2019-04-24: Confirming advisory release for beginning of June 2019-05-20: Asking for a status update 2019-05-22: VDE CERT: no news from WAGO yet, 5th June release date 2019-05-29: Asking for a status update 2019-05-29: VDE CERT: detailed answer from WAGO, patches will be published on 7th June, SEC Consult proposes new advisory release date for 12th June 2019-06-07: VDE CERT provides security advisory information from WAGO; WAGO releases security patches 2019-06-12: Coordinated release of security advisory

Solution:

The vendor provides patches to their customers at their download page. The following versions fix the issues: * 852-303: v1.2.2.S0 * 852-1305: v1.1.6.S0 * 852-1505: v1.1.5.S0

According to the vendor, busybox and glibc have been updated and the embedded private keys are being newly generated upon first boot and after a factory reset. The root login via Telnet and SSH has been disabled and the admin account is documented and can be changed by the customer.

Workaround:

Restrict network access to the device & SSH server. Weber / @2019

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04602055

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04602055 Version: 1

HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Execution, Denial of Service, Disclosure of information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-03-20 Last Updated: 2015-03-20

Potential Security Impact: Remote code execution, denial of service, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP ThinPro Linux This is the glibc vulnerability known as "GHOST", which could be exploited remotely to allow execution of arbitrary code. This update also addresses other vulnerabilities in SSL that would remotely allow denial of service, disclosure of information and other vulnerabilities.

References:

CVE-2015-0235 (SSRT101953) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP ThinPro Linux (x86) v5.1 HP ThinPro Linux (x86) v5.0 HP ThinPro Linux (x86) v4.4 HP ThinPro Linux (x86) v4.3 HP ThinPro Linux (x86) v4.2 HP ThinPro Linux (x86) v4.1 HP ThinPro Linux (ARM) v4.4 HP ThinPro Linux (ARM) v4.3 HP ThinPro Linux (ARM) v4.2 HP ThinPro Linux (ARM) v4.1

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released the following software updates to resolve the vulnerability for HP ThinPro Linux.

Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

Easy Update Via ThinPro / EasyUpdate (x86):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

Via ThinPro / EasyUpdate (ARM):

http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.

HISTORY Version:1 (rev.1) - 20 March 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

The original glibc bug was reported by Peter Klotz.

CVE-2014-7817

Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the
wordexp function did not suppress command execution in all cases. 
This allows a context-dependent attacker to execute shell
commands.

CVE-2012-6656 CVE-2014-6040

The charset conversion code for certain IBM multi-byte code pages
could perform an out-of-bounds array access, causing the process
to crash.  In some scenarios, this allows a remote attacker to
cause a persistent denial of service.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), the CVE-2015-0235 issue has been fixed in version 2.18-1 of the glibc package.

We recommend that you upgrade your eglibc packages.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 https://rhn.redhat.com/errata/RHSA-2015-0092.html

Updated Packages:

Mandriva Business Server 1/X86_64: 678efef85b85206451ef8927bad808e0 mbs1/x86_64/glibc-2.14.1-12.11.mbs1.x86_64.rpm 46cd508f03e36c1e4f752c317852ec8e mbs1/x86_64/glibc-devel-2.14.1-12.11.mbs1.x86_64.rpm 069302c80e3b79504e2b0eaaa72c2745 mbs1/x86_64/glibc-doc-2.14.1-12.11.mbs1.noarch.rpm 3a841c0295823354655dd3e7734ada0b mbs1/x86_64/glibc-doc-pdf-2.14.1-12.11.mbs1.noarch.rpm 11a672a0b4bae77c7adfa803bea9871f mbs1/x86_64/glibc-i18ndata-2.14.1-12.11.mbs1.x86_64.rpm d3f113ccec4f18e4bb08c951625e51d7 mbs1/x86_64/glibc-profile-2.14.1-12.11.mbs1.x86_64.rpm f6d6aa5806dd747e66996ea8cc01c9b4 mbs1/x86_64/glibc-static-devel-2.14.1-12.11.mbs1.x86_64.rpm 98cc6eae0234eeed945712bbc8b2c0ea mbs1/x86_64/glibc-utils-2.14.1-12.11.mbs1.x86_64.rpm bf6f2fcc3dd21bd8380aac40e91bb802 mbs1/x86_64/nscd-2.14.1-12.11.mbs1.x86_64.rpm f597e4d6241c76701733d730e84f5714 mbs1/SRPMS/glibc-2.14.1-12.11.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Critical: glibc security update Advisory ID: RHSA-2015:0092-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0092.html Issue date: 2015-01-27 CVE Names: CVE-2015-0235 =====================================================================

Summary:

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: glibc-2.12-1.149.el6_6.5.src.rpm

i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm

x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm

x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: glibc-2.12-1.149.el6_6.5.src.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: glibc-2.12-1.149.el6_6.5.src.rpm

ppc64: glibc-2.12-1.149.el6_6.5.ppc.rpm glibc-2.12-1.149.el6_6.5.ppc64.rpm glibc-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-devel-2.12-1.149.el6_6.5.ppc.rpm glibc-devel-2.12-1.149.el6_6.5.ppc64.rpm glibc-headers-2.12-1.149.el6_6.5.ppc64.rpm glibc-utils-2.12-1.149.el6_6.5.ppc64.rpm nscd-2.12-1.149.el6_6.5.ppc64.rpm

s390x: glibc-2.12-1.149.el6_6.5.s390.rpm glibc-2.12-1.149.el6_6.5.s390x.rpm glibc-common-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm glibc-devel-2.12-1.149.el6_6.5.s390.rpm glibc-devel-2.12-1.149.el6_6.5.s390x.rpm glibc-headers-2.12-1.149.el6_6.5.s390x.rpm glibc-utils-2.12-1.149.el6_6.5.s390x.rpm nscd-2.12-1.149.el6_6.5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm

ppc64: glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-static-2.12-1.149.el6_6.5.ppc.rpm glibc-static-2.12-1.149.el6_6.5.ppc64.rpm

s390x: glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm glibc-static-2.12-1.149.el6_6.5.s390.rpm glibc-static-2.12-1.149.el6_6.5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: glibc-2.12-1.149.el6_6.5.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: glibc-2.17-55.el7_0.5.src.rpm

x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: glibc-2.17-55.el7_0.5.src.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: glibc-2.17-55.el7_0.5.src.rpm

ppc64: glibc-2.17-55.el7_0.5.ppc.rpm glibc-2.17-55.el7_0.5.ppc64.rpm glibc-common-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm glibc-devel-2.17-55.el7_0.5.ppc.rpm glibc-devel-2.17-55.el7_0.5.ppc64.rpm glibc-headers-2.17-55.el7_0.5.ppc64.rpm glibc-utils-2.17-55.el7_0.5.ppc64.rpm nscd-2.17-55.el7_0.5.ppc64.rpm

s390x: glibc-2.17-55.el7_0.5.s390.rpm glibc-2.17-55.el7_0.5.s390x.rpm glibc-common-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm glibc-devel-2.17-55.el7_0.5.s390.rpm glibc-devel-2.17-55.el7_0.5.s390x.rpm glibc-headers-2.17-55.el7_0.5.s390x.rpm glibc-utils-2.17-55.el7_0.5.s390x.rpm nscd-2.17-55.el7_0.5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm glibc-static-2.17-55.el7_0.5.ppc.rpm glibc-static-2.17-55.el7_0.5.ppc64.rpm

s390x: glibc-debuginfo-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm glibc-static-2.17-55.el7_0.5.s390.rpm glibc-static-2.17-55.el7_0.5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: glibc-2.17-55.el7_0.5.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFUx9bmXlSAg2UNWIIRAjP4AJ9/EPFLyhSuapG8Lie71zPk6VaF8wCfVAw2 VIBda0hF+i0zAuST73ezXzI= =w5UI -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.17-i486-10_slack14.1.txz: Rebuilt. This flaw could allow local or remote attackers to take control of a machine running a vulnerable version of glibc. Thanks to Qualys for discovering this issue (also known as the GHOST vulnerability.) For more information, see: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 ( Security fix ) patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz: Rebuilt. patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz: Rebuilt. patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz: Rebuilt. patches/packages/glibc-zoneinfo-2014j-noarch-1.txz: Upgraded. Upgraded to tzcode2014j and tzdata2014j. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-i18n-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-profile-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-solibs-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-i18n-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-profile-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-solibs-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.20-i486-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2014j-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.20-i486-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.20-i486-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.20-i486-2.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.20-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2014j-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.20-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.20-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.20-x86_64-2.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 41402c65ebdef4b022c799131556ef7e glibc-2.9-i486-7_slack13.0.txz 7095e3cd743af0179ea14b9bff81e3f4 glibc-i18n-2.9-i486-7_slack13.0.txz 901d50b809ed84837ff45b2ca7838bb3 glibc-profile-2.9-i486-7_slack13.0.txz 421a711b7cf1be2df2421ae5cd50b217 glibc-solibs-2.9-i486-7_slack13.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware x86_64 13.0 packages: d4266628a8db63751f3f55b8bc2e2162 glibc-2.9-x86_64-7_slack13.0.txz b6161a0e23da771c5c6903605e49e403 glibc-i18n-2.9-x86_64-7_slack13.0.txz b8026d61e3849cce26539def0b665ca3 glibc-profile-2.9-x86_64-7_slack13.0.txz 1f7f4cf57d44d75d4ef2786152f33403 glibc-solibs-2.9-x86_64-7_slack13.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware 13.1 packages: 03e0d0224efe8bc794b5be0454612a1e glibc-2.11.1-i486-9_slack13.1.txz fabbdd8d7f14667c7a2dc7ede87b5510 glibc-i18n-2.11.1-i486-9_slack13.1.txz 1c1d86a9dabe329c3d30796188b66ebe glibc-profile-2.11.1-i486-9_slack13.1.txz e2ebe08bb02550c69202a6f973ef7e47 glibc-solibs-2.11.1-i486-9_slack13.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware x86_64 13.1 packages: c00de492a4842e3a86101028e8cc03f0 glibc-2.11.1-x86_64-9_slack13.1.txz 9657c55f39b233333e48d08acee9ed78 glibc-i18n-2.11.1-x86_64-9_slack13.1.txz ada2d7f7b7ffdfd7a4407696ad714e48 glibc-profile-2.11.1-x86_64-9_slack13.1.txz b3c393e74aafbb5276cea1217dfcd1aa glibc-solibs-2.11.1-x86_64-9_slack13.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware 13.37 packages: 16615e6ef8311b928e3a05e0b7f3e505 glibc-2.13-i486-8_slack13.37.txz 319dfc0cbdaf8410981195fffb1371c6 glibc-i18n-2.13-i486-8_slack13.37.txz 6964339495ab981d17ba27cd5878a400 glibc-profile-2.13-i486-8_slack13.37.txz 1834abd11fab02725e897040bbead56f glibc-solibs-2.13-i486-8_slack13.37.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware x86_64 13.37 packages: 1753003d261831ac235445e23a9f9870 glibc-2.13-x86_64-8_slack13.37.txz 8aa103984bb2cb293072a022dd9144f2 glibc-i18n-2.13-x86_64-8_slack13.37.txz a56e90a34eec8f60e265c45d05490a57 glibc-profile-2.13-x86_64-8_slack13.37.txz c6f684ea049e4091b96d15606eb454d1 glibc-solibs-2.13-x86_64-8_slack13.37.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware 14.0 packages: a2fadb666bfdf5c7c4c9792cbf34785d glibc-2.15-i486-9_slack14.0.txz 3b3626f4a170a603af36ca60c7840fa6 glibc-i18n-2.15-i486-9_slack14.0.txz ad237d138bb874e57c4080071d27e798 glibc-profile-2.15-i486-9_slack14.0.txz f07d37e52014cec80e43d883eda516ae glibc-solibs-2.15-i486-9_slack14.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware x86_64 14.0 packages: a5d02d71a230b6daa39d2ebefd8a6548 glibc-2.15-x86_64-9_slack14.0.txz 62c30b615e38ba63cafb8053383eabde glibc-i18n-2.15-x86_64-9_slack14.0.txz 152d094ab6bc4c7f763dd4ad1a53784c glibc-profile-2.15-x86_64-9_slack14.0.txz b256163bb179d1aebfda5f45270a0580 glibc-solibs-2.15-x86_64-9_slack14.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware 14.1 packages: 8f2fb91bb39d8a1db3bd6510295e6b1e glibc-2.17-i486-10_slack14.1.txz 8d179820a827a4dce028b57d3fa39237 glibc-i18n-2.17-i486-10_slack14.1.txz 19a4824c6ff8792a1166a38ceff824e0 glibc-profile-2.17-i486-10_slack14.1.txz 417dede2ae464059002b6fcc2048f942 glibc-solibs-2.17-i486-10_slack14.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware x86_64 14.1 packages: 490ce11a13439e30ff312769cc4fabb1 glibc-2.17-x86_64-10_slack14.1.txz cd145e0d6a12b15d5282d7d1b3de92ed glibc-i18n-2.17-x86_64-10_slack14.1.txz 93aea777dd41dc1c631dce1cf252bf14 glibc-profile-2.17-x86_64-10_slack14.1.txz 6b759039a5b3f8c88b3753e722ded78e glibc-solibs-2.17-x86_64-10_slack14.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz

Slackware -current packages: 395d4ad5fb71c4a56a500c3e51d07c8b a/glibc-solibs-2.20-i486-2.txz 61278ba5a904a7474e9b0b64b0daab97 a/glibc-zoneinfo-2014j-noarch-1.txz 3ca2827446e66d0d2d0e0bc8c55ba1ed l/glibc-2.20-i486-2.txz 94105b1a10c42ce0995f8ace6b4f06a8 l/glibc-i18n-2.20-i486-2.txz fcc2ad4f5aad3a7d704d708a170c5351 l/glibc-profile-2.20-i486-2.txz

Slackware x86_64 -current packages: 25129dd9dfed8a8e834c87ba40c1ef17 a/glibc-solibs-2.20-x86_64-2.txz 61278ba5a904a7474e9b0b64b0daab97 a/glibc-zoneinfo-2014j-noarch-1.txz b8ff5e308769d8e4eddccd9940058d5c l/glibc-2.20-x86_64-2.txz 8c3db9286aa93346d25ffad38178137b l/glibc-i18n-2.20-x86_64-2.txz 21f2a62d975b433f570cd5129cdc21fb l/glibc-profile-2.20-x86_64-2.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg glibc-*

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage: https://www.moxa.com/ found: 2020-08-31 by: T. Weber (Office Vienna) SEC Consult Vulnerability Lab

                  An integrated part of SEC Consult, an Atos company
                  Europe | Asia | North America

                  https://www.sec-consult.com

=======================================================================

Vendor description:

"Together, We Create Change

Moxa is committed to making a positive impact around the world. We put our all behind this commitment--from our employees, to our products and supply chain.

In our local communities, we nurture and support the spirit of volunteering. We encourage our employees to contribute to community development, with an emphasis on ecology, education, and health.

In our products, we invest in social awareness programs and environment-friendly policies at every stage of the product lifecycle. We make sure our manufacturing meets the highest standards with regards to quality, ethics, and sustainability."

Source: https://www.moxa.com/en/about-us/corporate-responsibility

Business recommendation:

SEC Consult recommends to immediately apply the available patches from the vendor. A thorough security review should be performed by security professionals to identify further potential security issues.

Vulnerability overview/description:

1) Authenticated Command Injection (CVE-2021-39279) An authenticated command injection vulnerability can be triggered by issuing a GET request to the "/forms/web_importTFTP" CGI program which is available on the web interface. An attacker can abuse this vulnerability to compromise the operating system of the device. This issue was found by emulating the firmware of the device.

2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) Via a crafted config-file, a reflected cross-site scripting vulnerability can be exploited in the context of the victim's browser. This config-file can be uploaded to the device via the "Config Import Export" tab in the main menu. One of the discovered vulnerabilities (CVE-2015-0235, gethostbyname "GHOST" buffer overflow) was verified by using the MEDUSA scalable firmware runtime.

4) Multiple Outdated Software Components Multiple outdated software components containing vulnerabilities were found by the IoT Inspector.

The vulnerabilities 1), 2) and 3) were manually verified on an emulated device by using the MEDUSA scalable firmware runtime.

Proof of concept:

1) Authenticated Command Injection (CVE-2021-39279) The vulnerability can be triggered by navigating in the web interface to the tab:

"Main Menu"->"Maintenance"->"Config Import Export"

The "TFTP Import" menu is prone to command injection via all parameters. To exploit the vulnerability, an IP address, a configuration path and a filename must be set. If the filename is used to trigger the exploit, the payload in the interceptor proxy would be:

http://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|ping localhost -c 100

2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) The vulnerability can be triggered by navigating in the web interface to the tab:

"Main Menu"->"Maintenance"->"Config Import Export"

The "Config Import" menu is prone to reflected cross-site scripting via the upload of config files. Example of malicious config file:

[board] deviceName="WAC-2004_0000alert(document.cookie)" deviceLocation="" [..]

Uploading such a crafted file triggers cross-site scripting as the erroneous value is displayed without filtering characters.

The gethostbyname buffer overflow vulnerability (GHOST) was checked with the help of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled and executed on the emulated device to test the system.

4) Multiple Outdated Software Components The IoT Inspector recognized multiple outdated software components with known vulnerabilities:

BusyBox 1.18.5 06/2011 Dropbear SSH 2011.54 11/2011 GNU glibc 2.9 02/2009 Linux Kernel 2.6.27 10/2008 OpenSSL 0.9.7g 04/2005 Only found in the program "iw_director" OpenSSL 1.0.0 03/2010

Vulnerable / tested versions:

The following firmware versions for various devices have been identified to be vulnerable: * WAC-2004 / 1.7 * WAC-1001 / 2.1 * WAC-1001-T / 2.1 * OnCell G3470A-LTE-EU / 1.7 * OnCell G3470A-LTE-EU-T / 1.7 * TAP-323-EU-CT-T / 1.3 * TAP-323-US-CT-T / 1.3 * TAP-323-JP-CT-T / 1.3 * WDR-3124A-EU / 2.3 * WDR-3124A-EU-T / 2.3 * WDR-3124A-US / 2.3 * WDR-3124A-US-T / 2.3

Vendor contact timeline:

2020-10-09: Contacting vendor through moxa.csrt@moxa.com. 2020-10-12: Contact sends PGP key for encrypted communication and asks for the detailed advisory. Sent encrypted advisory to vendor. 2020-11-06: Status update from vendor regarding technical analysis. Vendor requested more time for fixing the vulnerabilities as more products are affected. 2020-11-09: Granted more time for fixing to vendor. 2020-11-10: Vendor asked for next steps regarding the advisory publication. 2020-11-11: Asked vendor for an estimation when a public disclosure is possible. 2020-11-16: Vendor responded that the product team can give a rough feedback. 2020-11-25: Asked for a status update. 2020-11-25: Vendor responded that the investigation is not done yet. 2020-12-14: Vendor provided a list of potential affected devices and stated that full investigation may take until January 2021 due to the list of CVEs that were provided with the appended IoT Inspector report. The patches may be available until June 2021. 2020-12-15: Shifted next status update round with vendor on May 2021. 2020-12-23: Vendor provided full list of affected devices. 2021-02-05: Vendor sieved out the found issues from 4) manually and provided a full list of confirmed vulnerabilities. WAC-2004 phased-out in 2019. 2021-02-21: Confirmed receive of vulnerabilities, next status update in May 2021. 2021-06-10: Asking for an update. 2021-06-15: Vendor stated, that the update will be provided in the next days. 2021-06-21: Vendor will give an update in the next week as Covid gets worse in Taiwan. 2021-06-23: Vendor stated, that patches are under development. Vendor needs more time to finish the patches. 2021-06-24: Set release date to 2021-09-01. 2021-07-02: Vendor provides status updates. 2021-08-16: Vendor provides status updates. 2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. 2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. 2021-08-31: Vendor provides fixed firmware version numbers and the advisory links. 2021-09-01: Coordinated release of security advisory.

Solution:

According to the vendor the following patches must be applied to fix issues: * WAC-1001 / 2.1.5 * WAC-1001-T / 2.1.5 * OnCell G3470A-LTE-EU / 1.7.4 * OnCell G3470A-LTE-EU-T / 1.7.4 * TAP-323-EU-CT-T / 1.8.1 * TAP-323-US-CT-T / 1.8.1 * TAP-323-JP-CT-T / 1.8.1

The Moxa Technical Support must be contacted for requesting the security patches.

The corresponding security advisories for the affected devices are available on the vendor's website: TAP-323/WAC-1001/WAC-2004 https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities OnCell G3470A-LTE/WDR-3124A https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities

The following device models are EOL and should be replaced: * WAC-2004 * WDR-3124A-EU * WDR-3124A-EU-T * WDR-3124A-US * WDR-3124A-US-T

Workaround:

None.

Advisory URL:

https://sec-consult.com/vulnerability-lab/


SEC Consult Vulnerability Lab

SEC Consult, an Atos company
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an
Atos company. It ensures the continued knowledge gain of SEC Consult in the
field of network and application security to stay ahead of the attacker. The
SEC Consult Vulnerability Lab supports high-quality penetration testing and
the evaluation of new offensive and defensive technologies for our customers. 
Hence our customers obtain the most current information about vulnerabilities
and valid recommendation about the risk profile of new technologies.

Interested to work with the experts of SEC Consult? Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://sec-consult.com/contact/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult

EOF Thomas Weber / @2021

. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. CVE-ID CVE-2013-1741

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "_id": null,
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "_id": null,
        "model": "communications eagle lnp application processor",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "security access manager for enterprise single sign-on",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "communications eagle application processor",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "_id": null,
        "model": "communications lsms",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "_id": null,
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "_id": null,
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "_id": null,
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.0"
      },
      {
        "_id": null,
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.38"
      },
      {
        "_id": null,
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "_id": null,
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.1.24"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.18"
      },
      {
        "_id": null,
        "model": "communications user data repository",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "_id": null,
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.6"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "_id": null,
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.5.22"
      },
      {
        "_id": null,
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "_id": null,
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "1.0.0.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.4.0"
      },
      {
        "_id": null,
        "model": "communications application session controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.7.1"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "_id": null,
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "2.0.0.0"
      },
      {
        "_id": null,
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.6.0"
      },
      {
        "_id": null,
        "model": "communications user data repository",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.0"
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.17"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.14.1"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.15"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.13"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.12"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.14"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.11.2"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.12.2"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.16"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "gnu",
        "version": "2.12.1"
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "arch linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openwall gnu linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware linux",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "_id": null,
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "_id": null,
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "embedded glibc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "gnu",
        "version": "2.14"
      },
      {
        "_id": null,
        "model": "linux enterprise server",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "_id": null,
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7835"
      },
      {
        "_id": null,
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "_id": null,
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "_id": null,
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7225"
      },
      {
        "_id": null,
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.5"
      },
      {
        "_id": null,
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6"
      },
      {
        "_id": null,
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.4"
      },
      {
        "_id": null,
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.20.4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "80"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.3"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "ios-xe for catalyst air-ct5760",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "sinumerik 840d sl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "_id": null,
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5890"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "_id": null,
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.10.1"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "_id": null,
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "_id": null,
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "platform director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.2"
      },
      {
        "_id": null,
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "asr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r76",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.5"
      },
      {
        "_id": null,
        "model": "operations manager i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.00"
      },
      {
        "_id": null,
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "_id": null,
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "point software security management r71.30",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "point software gaia os r75.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "_id": null,
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "_id": null,
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.16"
      },
      {
        "_id": null,
        "model": "intelligent automation for cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.7"
      },
      {
        "_id": null,
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "platform director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.0.0"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "_id": null,
        "model": "mobility software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.5.3.0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway 11.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "big-ip asm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "point software secureplatform r60 hfa 05",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "_id": null,
        "model": "system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x0"
      },
      {
        "_id": null,
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "_id": null,
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.1"
      },
      {
        "_id": null,
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "fs1-2 flash storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4"
      },
      {
        "_id": null,
        "model": "telepresence te software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "-0"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "ascenlink 7.1-b5745",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "_id": null,
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7"
      },
      {
        "_id": null,
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.6"
      },
      {
        "_id": null,
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "qradar risk manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "_id": null,
        "model": "operation agent virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.9"
      },
      {
        "_id": null,
        "model": "videoscape distribution suite transparent caching",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "_id": null,
        "model": "fs1-2 flash storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "point software secureplatform r65 hfa02",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.5.1"
      },
      {
        "_id": null,
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9393"
      },
      {
        "_id": null,
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.4.1"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "_id": null,
        "model": "realpresence resource manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "8.3.1"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5855"
      },
      {
        "_id": null,
        "model": "sparc enterprise m5000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.46",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "xiv storage system a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.3"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.4"
      },
      {
        "_id": null,
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "_id": null,
        "model": "ruggedcom ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14040"
      },
      {
        "_id": null,
        "model": "point software security management r75.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "app for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "3.1.3"
      },
      {
        "_id": null,
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "alienvault",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15.1"
      },
      {
        "_id": null,
        "model": "integrated lights out manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.6"
      },
      {
        "_id": null,
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9303"
      },
      {
        "_id": null,
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "_id": null,
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.1"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "point software gaia os r75.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.3"
      },
      {
        "_id": null,
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "_id": null,
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "_id": null,
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.4"
      },
      {
        "_id": null,
        "model": "communications application session controller 3.7.1m0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "_id": null,
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.2"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.6"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r77.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "_id": null,
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "_id": null,
        "model": "point software gaia os r77.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "_id": null,
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "_id": null,
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.3"
      },
      {
        "_id": null,
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "cloudaxis wsp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "_id": null,
        "model": "mds 9222i multilayer fabric switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.1"
      },
      {
        "_id": null,
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12"
      },
      {
        "_id": null,
        "model": "rss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40000"
      },
      {
        "_id": null,
        "model": "mds multilayer director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95060"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "mds 9250i multilayer fabric switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.6"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9"
      },
      {
        "_id": null,
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "_id": null,
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "_id": null,
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "ruggedcom ape1404-c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.8"
      },
      {
        "_id": null,
        "model": "point software security gateway r71.00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "80"
      },
      {
        "_id": null,
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "_id": null,
        "model": "manycore platform software stack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.4.3"
      },
      {
        "_id": null,
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "_id": null,
        "model": "ruggedcom ape 1402-c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2015"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway 10.2.3-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "distributed media application",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.2.1"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "_id": null,
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "linux enterprise server sp3 for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8700"
      },
      {
        "_id": null,
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "helion application lifecycle service for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0.1.11"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5"
      },
      {
        "_id": null,
        "model": "ethernet switch es2-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.14"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "_id": null,
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software secureplatform r65.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.4"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.3"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "communications user data repository",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "secure acs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.446.5"
      },
      {
        "_id": null,
        "model": "mmp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.5"
      },
      {
        "_id": null,
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.0"
      },
      {
        "_id": null,
        "model": "sunstone xrv-64 vrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.1"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.10"
      },
      {
        "_id": null,
        "model": "point software gaia os r77.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.2"
      },
      {
        "_id": null,
        "model": "mds fiber channel switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "physical access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "_id": null,
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60000"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.11"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "unified communications manager im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "_id": null,
        "model": "point software security management r70.40",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "ethernet switch es2-72",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "_id": null,
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "_id": null,
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "mds series multilayer switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "_id": null,
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "300"
      },
      {
        "_id": null,
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.3"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "video border proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.10"
      },
      {
        "_id": null,
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.2"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "_id": null,
        "model": "ios-xe for asr1k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "_id": null,
        "model": "point software vsx r67",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "_id": null,
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.45",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.5"
      },
      {
        "_id": null,
        "model": "websphere datapower xc10 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "fortisanbbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "point software gaia os r76.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "aura communication manager utility services sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.16.1.0.9.8"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.5"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "_id": null,
        "model": "videoscape back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7845"
      },
      {
        "_id": null,
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "xiv storage system 10.2.4.e-7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810"
      },
      {
        "_id": null,
        "model": "point software security gateway r71.45",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.1"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "_id": null,
        "model": "mds fabric switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "91240"
      },
      {
        "_id": null,
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "rss",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40008.5.3"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50200"
      },
      {
        "_id": null,
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "sinumerik 828d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "_id": null,
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "_id": null,
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "point software gaia os r71.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "_id": null,
        "model": "cms r17 r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "_id": null,
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "_id": null,
        "model": "ascenlink 7.1-b5599",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "_id": null,
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "_id": null,
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "_id": null,
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "capture server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "_id": null,
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "_id": null,
        "model": "cloudaxis wsp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "1.7"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.11"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.1"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "_id": null,
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.4"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7855"
      },
      {
        "_id": null,
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "big-ip apm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "_id": null,
        "model": "prime infrastructure plug and play gateway server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "_id": null,
        "model": "big-ip asm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "capture server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "fortiadc-d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "ace \u0026 application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10200"
      },
      {
        "_id": null,
        "model": "sparc enterprise m4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76009.7"
      },
      {
        "_id": null,
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "_id": null,
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "mds fabric switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "91340"
      },
      {
        "_id": null,
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "_id": null,
        "model": "sun data center infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "360"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "_id": null,
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "_id": null,
        "model": "fortivoice 200d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "_id": null,
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "_id": null,
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5845"
      },
      {
        "_id": null,
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-37"
      },
      {
        "_id": null,
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "_id": null,
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.4"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "_id": null,
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.7"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2"
      },
      {
        "_id": null,
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.2"
      },
      {
        "_id": null,
        "model": "point software security gateway r76",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "ios-xe for catalyst 4k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "point software secureplatform r71.30",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "_id": null,
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "realpresence resource manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "_id": null,
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.44"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.40vs",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "_id": null,
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "_id": null,
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "big-ip wom hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000"
      },
      {
        "_id": null,
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "point software security gateway r77",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "prime network service controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "message networking sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "xiv storage system a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.4.1"
      },
      {
        "_id": null,
        "model": "ucs manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.12.1"
      },
      {
        "_id": null,
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.4"
      },
      {
        "_id": null,
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.40 vs",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.4.1"
      },
      {
        "_id": null,
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "_id": null,
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "_id": null,
        "model": "network performance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "ios-xe for asr903",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.0"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.4"
      },
      {
        "_id": null,
        "model": "hunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "mobility software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.3.0"
      },
      {
        "_id": null,
        "model": "ace series application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47000"
      },
      {
        "_id": null,
        "model": "webex node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "websphere datapower xc10 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "big-ip wom hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "_id": null,
        "model": "big-ip analytics 11.0.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "_id": null,
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip afm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "ios-xe for isr4400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software gaia os r70.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "_id": null,
        "model": "point software gaia os r75.47",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "_id": null,
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "_id": null,
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.6"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.6"
      },
      {
        "_id": null,
        "model": "big-ip asm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "point software security gateway r77.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "message networking sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "_id": null,
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7220"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.16"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.3"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.12"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.13"
      },
      {
        "_id": null,
        "model": "hyper-scale manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "_id": null,
        "model": "big-ip apm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.42"
      },
      {
        "_id": null,
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "_id": null,
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.10"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "_id": null,
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.9"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.9"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "uc phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "??vvx0"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "_id": null,
        "model": "realpresence collaboration server hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "8.4.2"
      },
      {
        "_id": null,
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "netezza host management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.0"
      },
      {
        "_id": null,
        "model": "point software security gateway r75",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "point software secureplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "2.60"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "80"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb19",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.14"
      },
      {
        "_id": null,
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "_id": null,
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "point software security gateway r71.45",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "80"
      },
      {
        "_id": null,
        "model": "point software security management r71.40",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.10"
      },
      {
        "_id": null,
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.6.1"
      },
      {
        "_id": null,
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.2"
      },
      {
        "_id": null,
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "_id": null,
        "model": "point software multi-domain management/provider-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.43"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "_id": null,
        "model": "webex meeting center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway 11.1.0-hf3",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "mds director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "97060"
      },
      {
        "_id": null,
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "_id": null,
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "sun network qdr infiniband gateway switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.2"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r77.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "_id": null,
        "model": "qradar risk manager mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "_id": null,
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "mint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.00"
      },
      {
        "_id": null,
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "fortivoice",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "socialminer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3"
      },
      {
        "_id": null,
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.15"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "_id": null,
        "model": "big-ip apm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "_id": null,
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.4"
      },
      {
        "_id": null,
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "_id": null,
        "model": "sinumerik 808d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "_id": null,
        "model": "ruggedcom ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14020"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "_id": null,
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "point software security management r65.70",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "_id": null,
        "model": "meetingplace",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.15"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "_id": null,
        "model": "helion application lifecycle service for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0.1.10"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.4"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "_id": null,
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "_id": null,
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "_id": null,
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "_id": null,
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip wom hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "_id": null,
        "model": "point software secureplatform r75",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "nexus series fex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "_id": null,
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "_id": null,
        "model": "operation agent virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "_id": null,
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "_id": null,
        "model": "content sharing suite client/server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5875"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.40",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "_id": null,
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.01"
      },
      {
        "_id": null,
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.3"
      },
      {
        "_id": null,
        "model": "ctp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "_id": null,
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "distributed media application",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "_id": null,
        "model": "ios-xe for catalyst 3k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "sparc enterprise m3000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.2"
      },
      {
        "_id": null,
        "model": "qradar vulnerability manager patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "_id": null,
        "model": "xiv storage system 10.2.4.e-6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2810"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "7830"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.4"
      },
      {
        "_id": null,
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50100"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "3.1.7"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "_id": null,
        "model": "telepresence recording server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "_id": null,
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller 11.1.0-hf3",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "8900"
      },
      {
        "_id": null,
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "_id": null,
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "_id": null,
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0.5"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "_id": null,
        "model": "big-ip link controller hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "_id": null,
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "communications session border controller 7.2.0m4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "_id": null,
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "_id": null,
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "big-ip asm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.11"
      },
      {
        "_id": null,
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "fs1-2 flash storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.40"
      },
      {
        "_id": null,
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "_id": null,
        "model": "powervu d9190 conditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "_id": null,
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.18"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "_id": null,
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "_id": null,
        "model": "webex meetings server base",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "_id": null,
        "model": "point software vsx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "0"
      },
      {
        "_id": null,
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "_id": null,
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "_id": null,
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway 11.0.0-hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "webex meetings server 2.0mr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "_id": null,
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.9"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "_id": null,
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "operation agent virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "_id": null,
        "model": "point software gaia os r75.40",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "ios-xe for csr1000v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "_id": null,
        "model": "point software gaia os r75.45",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "_id": null,
        "model": "realpresence collaboration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "5865"
      },
      {
        "_id": null,
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "_id": null,
        "model": "mds multiplayer director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95130"
      },
      {
        "_id": null,
        "model": "point software security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip apm hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "_id": null,
        "model": "enterprise manager 2.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9302"
      },
      {
        "_id": null,
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "_id": null,
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "_id": null,
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "_id": null,
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.19"
      },
      {
        "_id": null,
        "model": "big-ip asm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.46",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "manycore platform software stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.3"
      },
      {
        "_id": null,
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "_id": null,
        "model": "ios-xe for catalyst 3k 4k",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.45",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.11"
      },
      {
        "_id": null,
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.2"
      },
      {
        "_id": null,
        "model": "sun network qdr infiniband gateway switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software secureplatform r70.40",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "point software gaia os r75.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4"
      },
      {
        "_id": null,
        "model": "big-ip link controller 11.1.0-hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "_id": null,
        "model": "point software gaia os r75.46",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.5"
      },
      {
        "_id": null,
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.30",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "_id": null,
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "_id": null,
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.10"
      },
      {
        "_id": null,
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.3.1"
      },
      {
        "_id": null,
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-32"
      },
      {
        "_id": null,
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.7"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "6655"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "_id": null,
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "wireless security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.8"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.10"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "_id": null,
        "model": "security identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.4"
      },
      {
        "_id": null,
        "model": "point software vsx r65.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "qradar risk manager patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "_id": null,
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "_id": null,
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "_id": null,
        "model": "alienvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.8"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.1"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "mds 9148s switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "_id": null,
        "model": "ios-xr for cisco network convergence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "_id": null,
        "model": "big-ip apm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.3"
      },
      {
        "_id": null,
        "model": "mobility software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.0.0"
      },
      {
        "_id": null,
        "model": "digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43100"
      },
      {
        "_id": null,
        "model": "ace application control engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "47000"
      },
      {
        "_id": null,
        "model": "colorqube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "9301"
      },
      {
        "_id": null,
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.4"
      },
      {
        "_id": null,
        "model": "operation agent virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "_id": null,
        "model": "sun data center infiniband switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "362.2.2"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)4.4"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.20"
      },
      {
        "_id": null,
        "model": "mds director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "97100"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "36550"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "_id": null,
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "videoscape conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "_id": null,
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.41"
      },
      {
        "_id": null,
        "model": "as infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8"
      },
      {
        "_id": null,
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1.0"
      },
      {
        "_id": null,
        "model": "big-ip asm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "websphere transformation extender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.10"
      },
      {
        "_id": null,
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "_id": null,
        "model": "big-ip ltm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "_id": null,
        "model": "point software security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r75.47",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.5"
      },
      {
        "_id": null,
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "_id": null,
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "cms r17ac.g",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "_id": null,
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "_id": null,
        "model": "uc phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "??vvx5.3"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.2"
      },
      {
        "_id": null,
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "_id": null,
        "model": "mds multilayer director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95090"
      },
      {
        "_id": null,
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.12"
      },
      {
        "_id": null,
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.5.2"
      },
      {
        "_id": null,
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "_id": null,
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "_id": null,
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "_id": null,
        "model": "point software gaia os r77.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip gtm hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11.3"
      },
      {
        "_id": null,
        "model": "multicast manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "point software security management r75.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip ltm hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.1"
      },
      {
        "_id": null,
        "model": "big-ip apm hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.0"
      },
      {
        "_id": null,
        "model": "big-ip wom hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "traffix-sdc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.3.2"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.3"
      },
      {
        "_id": null,
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "_id": null,
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "point software secureplatform os r77",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "_id": null,
        "model": "sparc enterprise m8000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "_id": null,
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "_id": null,
        "model": "virtualization performance viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.14"
      },
      {
        "_id": null,
        "model": "cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "_id": null,
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "_id": null,
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.12"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "_id": null,
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1"
      },
      {
        "_id": null,
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "_id": null,
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "prime service catalog virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "aura application server sip core pb16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "_id": null,
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "_id": null,
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "_id": null,
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "mds fiber channel switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "_id": null,
        "model": "video border proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "11.2.22"
      },
      {
        "_id": null,
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "_id": null,
        "model": "content sharing suite client/server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "_id": null,
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "point software security gateway r75.47",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "big-ip link controller hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "_id": null,
        "model": "workcentre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "79700"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.1.3"
      },
      {
        "_id": null,
        "model": "big-ip gtm hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1100"
      },
      {
        "_id": null,
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "_id": null,
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "_id": null,
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "_id": null,
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.21"
      },
      {
        "_id": null,
        "model": "evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.3.5"
      },
      {
        "_id": null,
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "_id": null,
        "model": "intercloud fabric",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "_id": null,
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1.1"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11.1"
      },
      {
        "_id": null,
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "_id": null,
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "_id": null,
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "_id": null,
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "_id": null,
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.9"
      },
      {
        "_id": null,
        "model": "point software security gateway r71.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "_id": null,
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "_id": null,
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip pem hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "_id": null,
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.7"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "_id": null,
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "distributed media application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "_id": null,
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "_id": null,
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.4"
      },
      {
        "_id": null,
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.6"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.5.1"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.7"
      },
      {
        "_id": null,
        "model": "slim",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "big-ip edge gateway hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "_id": null,
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "_id": null,
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "_id": null,
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "_id": null,
        "model": "point software gaia os r75.30",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "_id": null,
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "_id": null,
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.8"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.5"
      },
      {
        "_id": null,
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "_id": null,
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "_id": null,
        "model": "thinpro linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "(x86)5.1"
      },
      {
        "_id": null,
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "_id": null,
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "_id": null,
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "_id": null,
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "_id": null,
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "_id": null,
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0.9"
      },
      {
        "_id": null,
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "110"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      },
      {
        "db": "BID",
        "id": "72325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0235"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fedoraproject:fedora",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:gnu:eglibc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:linux_enterprise_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Qualys",
    "sources": [
      {
        "db": "BID",
        "id": "72325"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-0235",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-0235",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 10.0,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 5.9,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-0235",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "MEDIUM",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0235",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-78181",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0235",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0235",
            "trust": 1.6,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0235",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-658",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78181",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0235"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\". This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name \"GHOST\". eglibc The package contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. GNU glibc is prone to a heap-based buffer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users. \nCVE-ID\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\nTsinghua University, Jian Jiang of University of California,\nBerkeley, Haixin Duan of Tsinghua University and International\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\nScience Institute and University of California, Berkeley, coordinated\nvia CERT/CC\n\nconfigd\nAvailable for:  OS X El Capitan 10.11\nImpact:  A malicious application may be able to elevate privileges\nDescription:  A heap based buffer overflow issue existed in the DNS\nclient library. A malicious application with the ability to spoof\nresponses from the local configd service may have been able to cause\narbitrary code execution in DNS clients. \nCVE-ID\nCVE-2015-6994 : Mark Mentovai of Google Inc. A developer-signed app could bypass restrictions on\nuse of restricted entitlements and elevate privileges. These\nissues were addressed by using patches affecting OS X from upstream. This was addressed by disabling synthetic\nclicks for keychain access windows. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\n\nOS X El Capitan 10.11 is now available and addresses the following:\n\nAddress Book\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to inject arbitrary code to\nprocesses loading the Address Book framework\nDescription:  An issue existed in Address Book framework\u0027s handling\nof an environment variable. This issue was addressed through improved\nenvironment variable handling. \nCVE-ID\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\n\nAirScan\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may be able\nto extract payload from eSCL packets sent over a secure connection\nDescription:  An issue existed in the processing of eSCL packets. \nThis issue was addressed through improved validation checks. \nCVE-ID\nCVE-2015-5853 : an anonymous researcher\n\napache_mod_php\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in PHP\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.27, including one which may have led to remote code execution. \nThis issue was addressed by updating PHP to version 5.5.27. \nCVE-ID\nCVE-2014-9425\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9705\nCVE-2014-9709\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-1351\nCVE-2015-1352\nCVE-2015-2301\nCVE-2015-2305\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3329\nCVE-2015-3330\n\nApple Online Store Kit\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may gain access to a user\u0027s keychain\nitems\nDescription:  An issue existed in validation of access control lists\nfor iCloud keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\nPeking University, Xiaolong Bai of Tsinghua University\n\nAppleEvents\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A user connected through screen sharing can send Apple\nEvents to a local user\u0027s session\nDescription:  An issue existed with Apple Event filtering that\nallowed some users to send events to other users. This was addressed\nby improved Apple Event handling. \nCVE-ID\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\n\nAudio\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nbash\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in bash\nDescription:  Multiple vulnerabilities existed in bash versions prior\nto 3.2 patch level 57. These issues were addressed by updating bash\nversion 3.2 to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nCertificate Trust Policy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork Cookies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork FTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in the handling of FTP packets when\nusing the PASV command. This issue was resolved through improved\nvalidation. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A maliciously crafted URL may be able to bypass HSTS and\nleak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreCrypto\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\nDev Tools\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam\n\nDisk Images\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\ndyld\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : TaiG Jailbreak Team\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application can prevent some systems from\nbooting\nDescription:  An issue existed with the addresses covered by the\nprotected range register. This issue was fixed by changing the\nprotected range. \nCVE-ID\nCVE-2015-5900 : Xeno Kovah \u0026 Corey Kallenberg from LegbaCore\n\nEFI\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Apple Ethernet Thunderbolt adapter may be able\nto affect firmware flashing\nDescription:  Apple Ethernet Thunderbolt adapters could modify the\nhost firmware if connected during an EFI update. This issue was\naddressed by not loading option ROMs during updates. \nCVE-ID\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\n\nFinder\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The \"Secure Empty Trash\" feature may not securely delete\nfiles placed in the Trash\nDescription:  An issue existed in guaranteeing secure deletion of\nTrash files on some systems, such as those with flash storage. This\nissue was addressed by removing the \"Secure Empty Trash\" option. \nCVE-ID\nCVE-2015-5901 : Apple\n\nGame Center\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nHeimdal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to replay Kerberos credentials to\nthe SMB server\nDescription:  An authentication issue existed in Kerberos\ncredentials. This issue was addressed through additional validation\nof credentials using a list of recently seen credentials. \nCVE-ID\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\nFan of Microsoft Corporation, China\n\nICU\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2014-8147\nCVE-2015-5922\n\nInstall Framework Legacy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to gain root privileges\nDescription:  A restriction issue existed in the Install private\nframework containing a privileged executable. This issue was\naddressed by removing the executable. \nCVE-ID\nCVE-2015-5888 : Apple\n\nIntel Graphics Driver\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Multiple memory corruption issues existed in the Intel\nGraphics Driver. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\nCVE-2015-5877 : Camillus Gerard Cai\n\nIOAudioFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in IOAudioFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\npermuting kernel pointers. \nCVE-ID\nCVE-2015-5864 : Luca Todesco\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5871 : Ilja van Sprundel of IOActive\nCVE-2015-5872 : Ilja van Sprundel of IOActive\nCVE-2015-5873 : Ilja van Sprundel of IOActive\nCVE-2015-5890 : Ilja van Sprundel of IOActive\n\nIOGraphics\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOGraphics which could have led to\nthe disclosure of kernel memory layout. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2015-5865 : Luca Todesco\n\nIOHIDFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5866 : Apple\nCVE-2015-5867 : moony li of Trend Micro\n\nIOStorageFamily\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nKernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through additional\nentitlement checks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. These issues were addressed through improved\ngeneration of stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issue was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in the\nhandling of IPv6 router advertisements that allowed an attacker to\nset the hop limit to an arbitrary value. This issue was addressed by\nenforcing a minimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory layout. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in debugging interfaces that led to\nthe disclosure of memory content. This issue was addressed by\nsanitizing output from debugging interfaces. \nCVE-ID\nCVE-2015-5870 : Apple\n\nKernel\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A state management issue existed in debugging\nfunctionality. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nlibc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nlibxpc\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Many SSH connections could cause a denial of service\nDescription:  launchd had no limit on the number of processes that\ncould be started by a network connection. This issue was addressed by\nlimiting the number of SSH processes to 40. \nCVE-ID\nCVE-2015-5881 : Apple\n\nLogin Window\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The screen lock may not engage after the specified time\nperiod\nDescription:  An issue existed with captured display locking. The\nissue was addressed through improved lock handling. \nCVE-ID\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\nVaahtera, and an anonymous researcher\n\nlukemftpd\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote attacker may be able to deny service to the FTP\nserver\nDescription:  A glob-processing issue existed in tnftpd. This issue\nwas addressed through improved glob validation. \nCVE-ID\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Printing an email may leak sensitive user information\nDescription:  An issue existed in Mail which bypassed user\npreferences when printing an email. This issue was addressed through\nimproved user preference enforcement. \nCVE-ID\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\nTechnology Partners\n\nMail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  An attacker in a privileged network position may be able to\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\nDescription:  An issue existed in handling encryption parameters for\nlarge email attachments sent via Mail Drop. The issue is addressed by\nno longer offering Mail Drop when sending an encrypted e-mail. \nCVE-ID\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\n\nMultipeer Connectivity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  An issue existed in parsing links in the Notes\napplication. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\n\nNotes\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to leak sensitive user information\nDescription:  A cross-site scripting issue existed in parsing text by\nthe Notes application. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2015-5875 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nOpenSSH\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSH\nDescription:  Multiple vulnerabilities existed in OpenSSH versions\nprior to 6.9. These issues were addressed by updating OpenSSH to\nversion 6.9. \nCVE-ID\nCVE-2014-2532\n\nOpenSSL\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nprocmail\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in procmail\nDescription:  Multiple vulnerabilities existed in procmail versions\nprior to 3.22. These issues were addressed by removing procmail. \nCVE-ID\nCVE-2014-3618\n\nremote_cmds\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with root\nprivileges\nDescription:  An issue existed in the usage of environment variables\nby the rsh binary. This issue was addressed by dropping setuid\nprivileges from the rsh binary. \nCVE-ID\nCVE-2015-5889 : Philip Pettersson\n\nremovefile\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nRuby\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in Ruby\nDescription:  Multiple vulnerabilities existed in Ruby versions prior\nto 2.0.0p645. These were addressed by updating Ruby to version\n2.0.0p645. \nCVE-ID\nCVE-2014-8080\nCVE-2014-8090\nCVE-2015-1855\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  The lock state of the keychain may be incorrectly displayed\nto the user\nDescription:  A state management issue existed in the way keychain\nlock status was tracked. This issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\nEric E. Lawrence, Apple\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription:  The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\n\nSecurity\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A remote server may prompt for a certificate before\nidentifying itself\nDescription:  Secure Transport accepted the CertificateRequest\nmessage before the ServerKeyExchange message. This issue was\naddressed by requiring the ServerKeyExchange first. \nCVE-ID\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5891 : Ilja van Sprundel of IOActive\n\nSMB\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in SMBClient that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-5893 : Ilja van Sprundel of IOActive\n\nSQLite\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\n\nTelephony\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker can place phone calls without the user\u0027s\nknowledge when using Continuity\nDescription:  An issue existed in the authorization checks for\nplacing phone calls. This issue was addressed through improved\nauthorization checks. \nCVE-ID\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\n\nTerminal\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Maliciously crafted text could mislead the user in Terminal\nDescription:  Terminal did not handle bidirectional override\ncharacters in the same way when displaying text and when selecting\ntext. This issue was addressed by suppressing bidirectional override\ncharacters in Terminal. \nCVE-ID\nCVE-2015-5883 : an anonymous researcher\n\ntidy\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in tidy. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nTime Machine\nAvailable for:  Mac OS X v10.6.8 and later\nImpact:  A local attacker may gain access to keychain items\nDescription:  An issue existed in backups by the Time Machine\nframework. This issue was addressed through improved coverage of Time\nMachine backups. \nCVE-ID\nCVE-2015-5854 : Jonas Magazinius of Assured AB\n\nNote:  OS X El Capitan 10.11 includes the security content of\nSafari 9: https://support.apple.com/kb/HT205265. \n\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw\nS5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO\n/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6\nQhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54\nYJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop\nhpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O\nc3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR\n8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r\nN1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT\nfJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1\nnJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e\ng6jld/w5tPuCFhGucE7Z\n=XciV\n-----END PGP SIGNATURE-----\n. Independently operating for three\ngenerations, WAGO is the global leader of spring pressure electrical\ninterconnect and automation solutions. For more than 60 years, WAGO has\ndeveloped and produced innovative products for packaging, transportation,\nprocess, industrial and building automation markets amongst others. Aside from\nits innovations in spring pressure connection technology, WAGO has introduced\nnumerous innovations that have revolutionized industry. \nFurthermore, hardcoded password hashes and credentials were also found by doing\nan automated scan with IoT Inspector. The validity of the password hashes and the embedded keys were\nalso verified by emulating the device. The outdated version was found by IoT Inspector. The outdated version was found by IoT Inspector. \n\n3) Hardcoded Credentials (CVE-2019-12550)\nThe device contains hardcoded users and passwords which can be used to login\nvia SSH and Telnet. \n\n4) Embedded Private Keys (CVE-2019-12549)\nThe device contains hardcoded private keys for the SSH daemon. The fingerprint\nof the SSH host key from the corresponding SSH daemon matches to the embedded\nprivate key. A file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created\nto trigger the vulnerability. \n\n\n3) Hardcoded Credentials (CVE-2019-12550)\nThe following credentials were found in the \u0027passwd\u0027 file of the firmware:\n\u003cPassword Hash\u003e                                 \u003cPlaintext\u003e         \u003cUser\u003e\n\u003cremoved\u003e                                       \u003cremoved\u003e            root\nNo password is set for the account              [EMPTY PASSWORD]     admin\n\nBy using these credentials, it\u0027s possible to connect via Telnet and SSH on the\nemulated device. Example for Telnet:\n-------------------------------------------------------------------------------\n[root@localhost ~]# telnet 192.168.0.133\nTrying 192.168.0.133... \nConnected to 192.168.0.133. \nEscape character is \u0027^]\u0027. \n\nL2SWITCH login: root\nPassword:\n~ #\n-------------------------------------------------------------------------------\nExample for SSH:\n-------------------------------------------------------------------------------\n[root@localhost ~]# ssh 192.168.0.133\nroot@192.168.0.133\u0027s password:\n~ #\n-------------------------------------------------------------------------------\n\n\n4) Embedded Private Keys (CVE-2019-12549)\nThe following host key fingerprint is shown by accessing the SSH daemon on\nthe emulated device:\n\n[root@localhost ~]# ssh 192.168.0.133\nThe authenticity of host \u0027192.168.0.133 (192.168.0.133)\u0027 can\u0027t be established. \nRSA key fingerprint is SHA256:X5Vr0/x0/j62N/aqZmHz96ojwl8x/I8mfzuT8o6uZso. \nRSA key fingerprint is MD5:2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2. \n\nThis matches the embedded private key (which has been removed from this advisory):\nSSH Fingerprint: 2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2\n\n\nVulnerable / tested versions:\n-----------------------------\nAccording to the vendor, the following versions are affected:\n* 852-303: \u003cv1.2.2.S0\n* 852-1305: \u003cv1.1.6.S0\n* 852-1505: \u003cv1.1.5.S0\n\n\nVendor contact timeline:\n------------------------\n2019-03-12: Contacting VDE CERT through info@cert.vde.com, received confirmation\n2019-03-26: Asking for a status update, VDE CERT is still waiting for details\n2019-03-28: VDE CERT requests information from WAGO again\n2019-04-09: Asking for a status update\n2019-04-11: VDE CERT: patched firmware release planned for end of May, requested\n            postponement of advisory release\n2019-04-16: VDE CERT: update regarding affected firmware versions\n2019-04-24: Confirming advisory release for beginning of June\n2019-05-20: Asking for a status update\n2019-05-22: VDE CERT: no news from WAGO yet, 5th June release date\n2019-05-29: Asking for a status update\n2019-05-29: VDE CERT: detailed answer from WAGO, patches will be published\n            on 7th June, SEC Consult proposes new advisory release date for\n            12th June\n2019-06-07: VDE CERT provides security advisory information from WAGO;\n            WAGO releases security patches\n2019-06-12: Coordinated release of security advisory\n\n\nSolution:\n---------\nThe vendor provides patches to their customers at their download page. The\nfollowing versions fix the issues:\n* 852-303: v1.2.2.S0\n* 852-1305: v1.1.6.S0\n* 852-1505: v1.1.5.S0\n\nAccording to the vendor, busybox and glibc have been updated and the embedded\nprivate keys are being newly generated upon first boot and after a factory reset. \nThe root login via Telnet and SSH has been disabled and the admin account is\ndocumented and can be changed by the customer. \n\n\n\nWorkaround:\n-----------\nRestrict network access to the device \u0026 SSH server. Weber / @2019\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04602055\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04602055\nVersion: 1\n\nHPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code\nExecution, Denial of Service, Disclosure of information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-20\nLast Updated: 2015-03-20\n\nPotential Security Impact: Remote code execution, denial of service,\ndisclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP ThinPro Linux\nThis is the glibc vulnerability known as \"GHOST\", which could be exploited\nremotely to allow execution of arbitrary code. This update also addresses\nother vulnerabilities in SSL that would remotely allow denial of service,\ndisclosure of information and other vulnerabilities. \n\nReferences:\n\nCVE-2015-0235 (SSRT101953)\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP ThinPro Linux (x86) v5.1\nHP ThinPro Linux (x86) v5.0\nHP ThinPro Linux (x86) v4.4\nHP ThinPro Linux (x86) v4.3\nHP ThinPro Linux (x86) v4.2\nHP ThinPro Linux (x86) v4.1\nHP ThinPro Linux (ARM) v4.4\nHP ThinPro Linux (ARM) v4.3\nHP ThinPro Linux (ARM) v4.2\nHP ThinPro Linux (ARM) v4.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0204    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0235    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve the vulnerability\nfor HP ThinPro Linux. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n\nHISTORY\nVersion:1 (rev.1) - 20 March 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n    The original glibc bug was reported by Peter Klotz. \n\nCVE-2014-7817\n\n    Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\n    wordexp function did not suppress command execution in all cases. \n    This allows a context-dependent attacker to execute shell\n    commands. \n\nCVE-2012-6656\nCVE-2014-6040\n\n    The charset conversion code for certain IBM multi-byte code pages\n    could perform an out-of-bounds array access, causing the process\n    to crash.  In some scenarios, this allows a remote attacker to\n    cause a persistent denial of service. \n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the CVE-2015-0235 issue has been fixed in version\n2.18-1 of the glibc package. \n\nWe recommend that you upgrade your eglibc packages. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235\n https://rhn.redhat.com/errata/RHSA-2015-0092.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 678efef85b85206451ef8927bad808e0  mbs1/x86_64/glibc-2.14.1-12.11.mbs1.x86_64.rpm\n 46cd508f03e36c1e4f752c317852ec8e  mbs1/x86_64/glibc-devel-2.14.1-12.11.mbs1.x86_64.rpm\n 069302c80e3b79504e2b0eaaa72c2745  mbs1/x86_64/glibc-doc-2.14.1-12.11.mbs1.noarch.rpm\n 3a841c0295823354655dd3e7734ada0b  mbs1/x86_64/glibc-doc-pdf-2.14.1-12.11.mbs1.noarch.rpm\n 11a672a0b4bae77c7adfa803bea9871f  mbs1/x86_64/glibc-i18ndata-2.14.1-12.11.mbs1.x86_64.rpm\n d3f113ccec4f18e4bb08c951625e51d7  mbs1/x86_64/glibc-profile-2.14.1-12.11.mbs1.x86_64.rpm\n f6d6aa5806dd747e66996ea8cc01c9b4  mbs1/x86_64/glibc-static-devel-2.14.1-12.11.mbs1.x86_64.rpm\n 98cc6eae0234eeed945712bbc8b2c0ea  mbs1/x86_64/glibc-utils-2.14.1-12.11.mbs1.x86_64.rpm\n bf6f2fcc3dd21bd8380aac40e91bb802  mbs1/x86_64/nscd-2.14.1-12.11.mbs1.x86_64.rpm \n f597e4d6241c76701733d730e84f5714  mbs1/SRPMS/glibc-2.14.1-12.11.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: glibc security update\nAdvisory ID:       RHSA-2015:0092-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0092.html\nIssue date:        2015-01-27\nCVE Names:         CVE-2015-0235 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. (CVE-2015-0235)\n\nRed Hat would like to thank Qualys for reporting this issue. \n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nglibc-2.12-1.149.el6_6.5.src.rpm\n\ni386:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-headers-2.12-1.149.el6_6.5.i686.rpm\nglibc-utils-2.12-1.149.el6_6.5.i686.rpm\nnscd-2.12-1.149.el6_6.5.i686.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.5.x86_64.rpm\nnscd-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nglibc-2.12-1.149.el6_6.5.src.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.5.x86_64.rpm\nnscd-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nglibc-2.12-1.149.el6_6.5.src.rpm\n\ni386:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-headers-2.12-1.149.el6_6.5.i686.rpm\nglibc-utils-2.12-1.149.el6_6.5.i686.rpm\nnscd-2.12-1.149.el6_6.5.i686.rpm\n\nppc64:\nglibc-2.12-1.149.el6_6.5.ppc.rpm\nglibc-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-common-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-devel-2.12-1.149.el6_6.5.ppc.rpm\nglibc-devel-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-headers-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-utils-2.12-1.149.el6_6.5.ppc64.rpm\nnscd-2.12-1.149.el6_6.5.ppc64.rpm\n\ns390x:\nglibc-2.12-1.149.el6_6.5.s390.rpm\nglibc-2.12-1.149.el6_6.5.s390x.rpm\nglibc-common-2.12-1.149.el6_6.5.s390x.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm\nglibc-devel-2.12-1.149.el6_6.5.s390.rpm\nglibc-devel-2.12-1.149.el6_6.5.s390x.rpm\nglibc-headers-2.12-1.149.el6_6.5.s390x.rpm\nglibc-utils-2.12-1.149.el6_6.5.s390x.rpm\nnscd-2.12-1.149.el6_6.5.s390x.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.5.x86_64.rpm\nnscd-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm\nglibc-static-2.12-1.149.el6_6.5.ppc.rpm\nglibc-static-2.12-1.149.el6_6.5.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm\nglibc-static-2.12-1.149.el6_6.5.s390.rpm\nglibc-static-2.12-1.149.el6_6.5.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nglibc-2.12-1.149.el6_6.5.src.rpm\n\ni386:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-headers-2.12-1.149.el6_6.5.i686.rpm\nglibc-utils-2.12-1.149.el6_6.5.i686.rpm\nnscd-2.12-1.149.el6_6.5.i686.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.5.i686.rpm\nglibc-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.5.i686.rpm\nglibc-devel-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.5.x86_64.rpm\nnscd-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.5.i686.rpm\nglibc-static-2.12-1.149.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nglibc-2.17-55.el7_0.5.src.rpm\n\nx86_64:\nglibc-2.17-55.el7_0.5.i686.rpm\nglibc-2.17-55.el7_0.5.x86_64.rpm\nglibc-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-devel-2.17-55.el7_0.5.i686.rpm\nglibc-devel-2.17-55.el7_0.5.x86_64.rpm\nglibc-headers-2.17-55.el7_0.5.x86_64.rpm\nglibc-utils-2.17-55.el7_0.5.x86_64.rpm\nnscd-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-static-2.17-55.el7_0.5.i686.rpm\nglibc-static-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nglibc-2.17-55.el7_0.5.src.rpm\n\nx86_64:\nglibc-2.17-55.el7_0.5.i686.rpm\nglibc-2.17-55.el7_0.5.x86_64.rpm\nglibc-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-devel-2.17-55.el7_0.5.i686.rpm\nglibc-devel-2.17-55.el7_0.5.x86_64.rpm\nglibc-headers-2.17-55.el7_0.5.x86_64.rpm\nglibc-utils-2.17-55.el7_0.5.x86_64.rpm\nnscd-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-static-2.17-55.el7_0.5.i686.rpm\nglibc-static-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nglibc-2.17-55.el7_0.5.src.rpm\n\nppc64:\nglibc-2.17-55.el7_0.5.ppc.rpm\nglibc-2.17-55.el7_0.5.ppc64.rpm\nglibc-common-2.17-55.el7_0.5.ppc64.rpm\nglibc-debuginfo-2.17-55.el7_0.5.ppc.rpm\nglibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm\nglibc-devel-2.17-55.el7_0.5.ppc.rpm\nglibc-devel-2.17-55.el7_0.5.ppc64.rpm\nglibc-headers-2.17-55.el7_0.5.ppc64.rpm\nglibc-utils-2.17-55.el7_0.5.ppc64.rpm\nnscd-2.17-55.el7_0.5.ppc64.rpm\n\ns390x:\nglibc-2.17-55.el7_0.5.s390.rpm\nglibc-2.17-55.el7_0.5.s390x.rpm\nglibc-common-2.17-55.el7_0.5.s390x.rpm\nglibc-debuginfo-2.17-55.el7_0.5.s390.rpm\nglibc-debuginfo-2.17-55.el7_0.5.s390x.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm\nglibc-devel-2.17-55.el7_0.5.s390.rpm\nglibc-devel-2.17-55.el7_0.5.s390x.rpm\nglibc-headers-2.17-55.el7_0.5.s390x.rpm\nglibc-utils-2.17-55.el7_0.5.s390x.rpm\nnscd-2.17-55.el7_0.5.s390x.rpm\n\nx86_64:\nglibc-2.17-55.el7_0.5.i686.rpm\nglibc-2.17-55.el7_0.5.x86_64.rpm\nglibc-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-devel-2.17-55.el7_0.5.i686.rpm\nglibc-devel-2.17-55.el7_0.5.x86_64.rpm\nglibc-headers-2.17-55.el7_0.5.x86_64.rpm\nglibc-utils-2.17-55.el7_0.5.x86_64.rpm\nnscd-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nglibc-debuginfo-2.17-55.el7_0.5.ppc.rpm\nglibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm\nglibc-static-2.17-55.el7_0.5.ppc.rpm\nglibc-static-2.17-55.el7_0.5.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.17-55.el7_0.5.s390.rpm\nglibc-debuginfo-2.17-55.el7_0.5.s390x.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm\nglibc-static-2.17-55.el7_0.5.s390.rpm\nglibc-static-2.17-55.el7_0.5.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-static-2.17-55.el7_0.5.i686.rpm\nglibc-static-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nglibc-2.17-55.el7_0.5.src.rpm\n\nx86_64:\nglibc-2.17-55.el7_0.5.i686.rpm\nglibc-2.17-55.el7_0.5.x86_64.rpm\nglibc-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-devel-2.17-55.el7_0.5.i686.rpm\nglibc-devel-2.17-55.el7_0.5.x86_64.rpm\nglibc-headers-2.17-55.el7_0.5.x86_64.rpm\nglibc-utils-2.17-55.el7_0.5.x86_64.rpm\nnscd-2.17-55.el7_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm\nglibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm\nglibc-static-2.17-55.el7_0.5.i686.rpm\nglibc-static-2.17-55.el7_0.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0235\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUx9bmXlSAg2UNWIIRAjP4AJ9/EPFLyhSuapG8Lie71zPk6VaF8wCfVAw2\nVIBda0hF+i0zAuST73ezXzI=\n=w5UI\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/glibc-2.17-i486-10_slack14.1.txz:  Rebuilt.  This flaw could allow local or remote attackers to take control\n  of a machine running a vulnerable version of glibc.  Thanks to Qualys for\n  discovering this issue (also known as the GHOST vulnerability.)\n  For more information, see:\n    https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235\n  (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz:  Rebuilt. \npatches/packages/glibc-profile-2.17-i486-10_slack14.1.txz:  Rebuilt. \npatches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz:  Rebuilt. \npatches/packages/glibc-zoneinfo-2014j-noarch-1.txz:  Upgraded. \n  Upgraded to tzcode2014j and tzdata2014j. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-7_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-9_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-8_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-2.15-i486-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-i18n-2.15-i486-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-profile-2.15-i486-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-solibs-2.15-i486-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-2.15-x86_64-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-i18n-2.15-x86_64-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-profile-2.15-x86_64-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-solibs-2.15-x86_64-9_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-10_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.20-i486-2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2014j-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.20-i486-2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.20-i486-2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.20-i486-2.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.20-x86_64-2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2014j-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.20-x86_64-2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.20-x86_64-2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.20-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n41402c65ebdef4b022c799131556ef7e  glibc-2.9-i486-7_slack13.0.txz\n7095e3cd743af0179ea14b9bff81e3f4  glibc-i18n-2.9-i486-7_slack13.0.txz\n901d50b809ed84837ff45b2ca7838bb3  glibc-profile-2.9-i486-7_slack13.0.txz\n421a711b7cf1be2df2421ae5cd50b217  glibc-solibs-2.9-i486-7_slack13.0.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware x86_64 13.0 packages:\nd4266628a8db63751f3f55b8bc2e2162  glibc-2.9-x86_64-7_slack13.0.txz\nb6161a0e23da771c5c6903605e49e403  glibc-i18n-2.9-x86_64-7_slack13.0.txz\nb8026d61e3849cce26539def0b665ca3  glibc-profile-2.9-x86_64-7_slack13.0.txz\n1f7f4cf57d44d75d4ef2786152f33403  glibc-solibs-2.9-x86_64-7_slack13.0.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware 13.1 packages:\n03e0d0224efe8bc794b5be0454612a1e  glibc-2.11.1-i486-9_slack13.1.txz\nfabbdd8d7f14667c7a2dc7ede87b5510  glibc-i18n-2.11.1-i486-9_slack13.1.txz\n1c1d86a9dabe329c3d30796188b66ebe  glibc-profile-2.11.1-i486-9_slack13.1.txz\ne2ebe08bb02550c69202a6f973ef7e47  glibc-solibs-2.11.1-i486-9_slack13.1.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware x86_64 13.1 packages:\nc00de492a4842e3a86101028e8cc03f0  glibc-2.11.1-x86_64-9_slack13.1.txz\n9657c55f39b233333e48d08acee9ed78  glibc-i18n-2.11.1-x86_64-9_slack13.1.txz\nada2d7f7b7ffdfd7a4407696ad714e48  glibc-profile-2.11.1-x86_64-9_slack13.1.txz\nb3c393e74aafbb5276cea1217dfcd1aa  glibc-solibs-2.11.1-x86_64-9_slack13.1.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware 13.37 packages:\n16615e6ef8311b928e3a05e0b7f3e505  glibc-2.13-i486-8_slack13.37.txz\n319dfc0cbdaf8410981195fffb1371c6  glibc-i18n-2.13-i486-8_slack13.37.txz\n6964339495ab981d17ba27cd5878a400  glibc-profile-2.13-i486-8_slack13.37.txz\n1834abd11fab02725e897040bbead56f  glibc-solibs-2.13-i486-8_slack13.37.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware x86_64 13.37 packages:\n1753003d261831ac235445e23a9f9870  glibc-2.13-x86_64-8_slack13.37.txz\n8aa103984bb2cb293072a022dd9144f2  glibc-i18n-2.13-x86_64-8_slack13.37.txz\na56e90a34eec8f60e265c45d05490a57  glibc-profile-2.13-x86_64-8_slack13.37.txz\nc6f684ea049e4091b96d15606eb454d1  glibc-solibs-2.13-x86_64-8_slack13.37.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware 14.0 packages:\na2fadb666bfdf5c7c4c9792cbf34785d  glibc-2.15-i486-9_slack14.0.txz\n3b3626f4a170a603af36ca60c7840fa6  glibc-i18n-2.15-i486-9_slack14.0.txz\nad237d138bb874e57c4080071d27e798  glibc-profile-2.15-i486-9_slack14.0.txz\nf07d37e52014cec80e43d883eda516ae  glibc-solibs-2.15-i486-9_slack14.0.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware x86_64 14.0 packages:\na5d02d71a230b6daa39d2ebefd8a6548  glibc-2.15-x86_64-9_slack14.0.txz\n62c30b615e38ba63cafb8053383eabde  glibc-i18n-2.15-x86_64-9_slack14.0.txz\n152d094ab6bc4c7f763dd4ad1a53784c  glibc-profile-2.15-x86_64-9_slack14.0.txz\nb256163bb179d1aebfda5f45270a0580  glibc-solibs-2.15-x86_64-9_slack14.0.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware 14.1 packages:\n8f2fb91bb39d8a1db3bd6510295e6b1e  glibc-2.17-i486-10_slack14.1.txz\n8d179820a827a4dce028b57d3fa39237  glibc-i18n-2.17-i486-10_slack14.1.txz\n19a4824c6ff8792a1166a38ceff824e0  glibc-profile-2.17-i486-10_slack14.1.txz\n417dede2ae464059002b6fcc2048f942  glibc-solibs-2.17-i486-10_slack14.1.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware x86_64 14.1 packages:\n490ce11a13439e30ff312769cc4fabb1  glibc-2.17-x86_64-10_slack14.1.txz\ncd145e0d6a12b15d5282d7d1b3de92ed  glibc-i18n-2.17-x86_64-10_slack14.1.txz\n93aea777dd41dc1c631dce1cf252bf14  glibc-profile-2.17-x86_64-10_slack14.1.txz\n6b759039a5b3f8c88b3753e722ded78e  glibc-solibs-2.17-x86_64-10_slack14.1.txz\n61278ba5a904a7474e9b0b64b0daab97  glibc-zoneinfo-2014j-noarch-1.txz\n\nSlackware -current packages:\n395d4ad5fb71c4a56a500c3e51d07c8b  a/glibc-solibs-2.20-i486-2.txz\n61278ba5a904a7474e9b0b64b0daab97  a/glibc-zoneinfo-2014j-noarch-1.txz\n3ca2827446e66d0d2d0e0bc8c55ba1ed  l/glibc-2.20-i486-2.txz\n94105b1a10c42ce0995f8ace6b4f06a8  l/glibc-i18n-2.20-i486-2.txz\nfcc2ad4f5aad3a7d704d708a170c5351  l/glibc-profile-2.20-i486-2.txz\n\nSlackware x86_64 -current packages:\n25129dd9dfed8a8e834c87ba40c1ef17  a/glibc-solibs-2.20-x86_64-2.txz\n61278ba5a904a7474e9b0b64b0daab97  a/glibc-zoneinfo-2014j-noarch-1.txz\nb8ff5e308769d8e4eddccd9940058d5c  l/glibc-2.20-x86_64-2.txz\n8c3db9286aa93346d25ffad38178137b  l/glibc-i18n-2.20-x86_64-2.txz\n21f2a62d975b433f570cd5129cdc21fb  l/glibc-profile-2.20-x86_64-2.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg glibc-*\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory \u003c 20210901-0 \u003e\n=======================================================================\n               title: Multiple vulnerabilities\n             product: see \"Vulnerable / tested versions\"\n  vulnerable version: see \"Vulnerable / tested versions\"\n       fixed version: see \"Solution\"\n          CVE number: CVE-2021-39278, CVE-2021-39279\n              impact: High\n            homepage: https://www.moxa.com/\n               found: 2020-08-31\n                  by: T. Weber (Office Vienna)\n                      SEC Consult Vulnerability Lab\n\n                      An integrated part of SEC Consult, an Atos company\n                      Europe | Asia | North America\n\n                      https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Together, We Create Change\n\nMoxa is committed to making a positive impact around the world. We put our all\nbehind this commitment--from our employees, to our products and supply chain. \n\nIn our local communities, we nurture and support the spirit of volunteering. \nWe encourage our employees to contribute to community development, with an\nemphasis on ecology, education, and health. \n\nIn our products, we invest in social awareness programs and\nenvironment-friendly policies at every stage of the product lifecycle. We make\nsure our manufacturing meets the highest standards with regards to quality,\nethics, and sustainability.\"\n\nSource: https://www.moxa.com/en/about-us/corporate-responsibility\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends to immediately apply the available patches\nfrom the vendor. A thorough security review should be performed by\nsecurity professionals to identify further potential security issues. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Authenticated Command Injection (CVE-2021-39279)\nAn authenticated command injection vulnerability can be triggered by issuing a\nGET request to the \"/forms/web_importTFTP\" CGI program which is available on\nthe web interface. An attacker can abuse this vulnerability to compromise the\noperating system of the device. This issue was found by emulating the firmware\nof the device. \n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nVia a crafted config-file, a reflected cross-site scripting vulnerability can\nbe exploited in the context of the victim\u0027s browser. This config-file can be\nuploaded to the device via the \"Config Import Export\" tab in the main menu. One of the discovered vulnerabilities (CVE-2015-0235,\ngethostbyname \"GHOST\" buffer overflow) was verified by using the MEDUSA\nscalable firmware runtime. \n\n4) Multiple Outdated Software Components\nMultiple outdated software components containing vulnerabilities were found by\nthe IoT Inspector. \n\nThe vulnerabilities 1), 2) and 3) were manually verified on an emulated device\nby using the MEDUSA scalable firmware runtime. \n\nProof of concept:\n-----------------\n1) Authenticated Command Injection (CVE-2021-39279)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"-\u003e\"Maintenance\"-\u003e\"Config Import Export\"\n\nThe \"TFTP Import\" menu is prone to command injection via all parameters. To\nexploit the vulnerability, an IP address, a configuration path and a filename\nmust be set. \nIf the filename is used to trigger the exploit, the payload in the interceptor\nproxy would be:\n\nhttp://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1\u0026configPath=/\u0026fileName=name|`ping localhost -c 100`\n\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"-\u003e\"Maintenance\"-\u003e\"Config Import Export\"\n\nThe \"Config Import\" menu is prone to reflected cross-site scripting via the\nupload of config files. Example of malicious config file:\n-------------------------------------------------------------------------------\n[board]\ndeviceName=\"WAC-2004_0000\u003c/span\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\"\ndeviceLocation=\"\"\n[..]\n-------------------------------------------------------------------------------\nUploading such a crafted file triggers cross-site scripting as the erroneous\nvalue is displayed without filtering characters. \n\nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the\nhelp of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was\ncompiled and executed on the emulated device to test the system. \n\n\n4) Multiple Outdated Software Components\nThe IoT Inspector recognized multiple outdated software components with known\nvulnerabilities:\n\nBusyBox         1.18.5   06/2011\nDropbear SSH    2011.54  11/2011\nGNU glibc       2.9      02/2009\nLinux Kernel    2.6.27   10/2008\nOpenSSL         0.9.7g   04/2005\nOnly found in the program \"iw_director\"\nOpenSSL         1.0.0    03/2010\n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions for various devices have been identified\nto be vulnerable:\n* WAC-2004               / 1.7\n* WAC-1001               / 2.1\n* WAC-1001-T             / 2.1\n* OnCell G3470A-LTE-EU   / 1.7\n* OnCell G3470A-LTE-EU-T / 1.7\n* TAP-323-EU-CT-T        / 1.3\n* TAP-323-US-CT-T        / 1.3\n* TAP-323-JP-CT-T        / 1.3\n* WDR-3124A-EU           / 2.3\n* WDR-3124A-EU-T         / 2.3\n* WDR-3124A-US           / 2.3\n* WDR-3124A-US-T         / 2.3\n\n\nVendor contact timeline:\n------------------------\n2020-10-09: Contacting vendor through moxa.csrt@moxa.com. \n2020-10-12: Contact sends PGP key for encrypted communication and asks for the\n             detailed advisory. Sent encrypted advisory to vendor. \n2020-11-06: Status update from vendor regarding technical analysis. Vendor\n             requested more time for fixing the vulnerabilities as more products\n             are affected. \n2020-11-09: Granted more time for fixing to vendor. \n2020-11-10: Vendor asked for next steps regarding the advisory publication. \n2020-11-11: Asked vendor for an estimation when a public disclosure is possible. \n2020-11-16: Vendor responded that the product team can give a rough feedback. \n2020-11-25: Asked for a status update. \n2020-11-25: Vendor responded that the investigation is not done yet. \n2020-12-14: Vendor provided a list of potential affected devices and stated\n             that full investigation may take until January 2021 due to the list\n             of CVEs that were provided with the appended IoT Inspector report. \n             The patches may be available until June 2021. \n2020-12-15: Shifted next status update round with vendor on May 2021. \n2020-12-23: Vendor provided full list of affected devices. \n2021-02-05: Vendor sieved out the found issues from 4) manually and provided a\n             full list of confirmed vulnerabilities. WAC-2004 phased-out in\n             2019. \n2021-02-21: Confirmed receive of vulnerabilities, next status update in May\n             2021. \n2021-06-10: Asking for an update. \n2021-06-15: Vendor stated, that the update will be provided in the next days. \n2021-06-21: Vendor will give an update in the next week as Covid gets worse in\n             Taiwan. \n2021-06-23: Vendor stated, that patches are under development. Vendor needs more\n             time to finish the patches. \n2021-06-24: Set release date to 2021-09-01. \n2021-07-02: Vendor provides status updates. \n2021-08-16: Vendor provides status updates. \n2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. \n2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. \n2021-08-31: Vendor provides fixed firmware version numbers and the advisory\n             links. \n2021-09-01: Coordinated release of security advisory. \n\nSolution:\n---------\nAccording to the vendor the following patches must be applied to fix issues:\n* WAC-1001               / 2.1.5\n* WAC-1001-T             / 2.1.5\n* OnCell G3470A-LTE-EU   / 1.7.4\n* OnCell G3470A-LTE-EU-T / 1.7.4\n* TAP-323-EU-CT-T        / 1.8.1\n* TAP-323-US-CT-T        / 1.8.1\n* TAP-323-JP-CT-T        / 1.8.1\n\nThe Moxa Technical Support must be contacted for requesting the security\npatches. \n\nThe corresponding security advisories for the affected devices are available on\nthe vendor\u0027s website:\nTAP-323/WAC-1001/WAC-2004\nhttps://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities\nOnCell G3470A-LTE/WDR-3124A\nhttps://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities\n\nThe following device models are EOL and should be replaced:\n* WAC-2004\n* WDR-3124A-EU\n* WDR-3124A-EU-T\n* WDR-3124A-US\n* WDR-3124A-US-T\n\n\nWorkaround:\n-----------\nNone. \n\n\nAdvisory URL:\n-------------\nhttps://sec-consult.com/vulnerability-lab/\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult, an Atos company\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an\nAtos company. It ensures the continued knowledge gain of SEC Consult in the\nfield of network and application security to stay ahead of the attacker. The\nSEC Consult Vulnerability Lab supports high-quality penetration testing and\nthe evaluation of new offensive and defensive technologies for our customers. \nHence our customers obtain the most current information about vulnerabilities\nand valid recommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://sec-consult.com/career/\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://sec-consult.com/contact/\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF Thomas Weber / @2021\n\n. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. This issue was addressed through the\naddition of a mechanism to trust only a subset of certificates issued\nprior to the mis-issuance of the intermediate. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. \nCVE-ID\nCVE-2015-3661 : G. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0235"
      },
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      },
      {
        "db": "BID",
        "id": "72325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      },
      {
        "db": "PACKETSTORM",
        "id": "134055"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "153278"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "130098"
      },
      {
        "db": "PACKETSTORM",
        "id": "130333"
      },
      {
        "db": "PACKETSTORM",
        "id": "130114"
      },
      {
        "db": "PACKETSTORM",
        "id": "130163"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      }
    ],
    "trust": 3.6
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/967332",
        "trust": 0.8,
        "type": "poc"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-78181",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0235",
        "trust": 4.6
      },
      {
        "db": "BID",
        "id": "72325",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10671",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "164014",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "153278",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167552",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "130974",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "130768",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "130171",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62883",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62690",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62871",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62680",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62517",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62640",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62715",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62812",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62667",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62879",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62813",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62698",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62681",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62692",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62758",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62870",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62816",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62691",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62688",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "62865",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032909",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10100",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-994726",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/05/04/7",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#967332",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/27/9",
        "trust": 0.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/09/17/4",
        "trust": 0.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/28/18",
        "trust": 0.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/29/21",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658",
        "trust": 0.7
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022060049",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-064-01",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "130114",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130163",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130333",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131867",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130115",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130216",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130100",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130134",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130099",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36421",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "35951",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89237",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134055",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133803",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130098",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132518",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      },
      {
        "db": "BID",
        "id": "72325"
      },
      {
        "db": "PACKETSTORM",
        "id": "134055"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "153278"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "130098"
      },
      {
        "db": "PACKETSTORM",
        "id": "130333"
      },
      {
        "db": "PACKETSTORM",
        "id": "130114"
      },
      {
        "db": "PACKETSTORM",
        "id": "130163"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0235"
      }
    ]
  },
  "id": "VAR-201501-0737",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      }
    ],
    "trust": 0.507738211
  },
  "last_update_date": "2026-03-09T21:40:09.204000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.eglibc.org/home"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://getfedora.org/en/"
      },
      {
        "title": "SUSE-SU-2014:1129-1",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
      },
      {
        "title": "CVE-2013-4357",
        "trust": 0.8,
        "url": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
      },
      {
        "title": "USN-2306-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/2306-1/"
      },
      {
        "title": "USN-2306-2",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/2306-2/"
      },
      {
        "title": "USN-2306-3",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/2306-3/"
      },
      {
        "title": "glibc-2.18",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53554"
      },
      {
        "title": "glibc-2.18",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53556"
      },
      {
        "title": "glibc-2.18",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53555"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-120",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0235"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.qualys.com/research/security-advisories/ghost-cve-2015-0235.txt"
      },
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2015/dsa-3142"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/130171/exim-esmtp-ghost-denial-of-service.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/130768/emc-secure-remote-services-ghost-sql-injection-command-injection.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/130974/exim-ghost-glibc-gethostbyname-buffer-overflow.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/153278/wago-852-industrial-managed-switch-series-code-execution-hardcoded-credentials.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html"
      },
      {
        "trust": 2.0,
        "url": "http://seclists.org/oss-sec/2015/q1/274"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150128-ghost"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695695"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695774"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695835"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695860"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696131"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696243"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696526"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696600"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696602"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696618"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 2.0,
        "url": "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/72325"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/oss-sec/2015/q1/269"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/534845/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "https://seclists.org/bugtraq/2019/jun/14"
      },
      {
        "trust": 1.7,
        "url": "http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/"
      },
      {
        "trust": 1.7,
        "url": "http://linux.oracle.com/errata/elsa-2015-0090.html"
      },
      {
        "trust": 1.7,
        "url": "http://linux.oracle.com/errata/elsa-2015-0092.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.7,
        "url": "http://www.idirect.net/partners/~/media/files/cve/idirect-posted-common-vulnerabilities-and-exposures.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa90"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04874668"
      },
      {
        "trust": 1.7,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20150127-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205375"
      },
      {
        "trust": 1.7,
        "url": "https://www.f-secure.com/en/web/labs_global/fsc-2015-1"
      },
      {
        "trust": 1.7,
        "url": "https://www.sophos.com/en-us/support/knowledgebase/121879.aspx"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2015/jan/111"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/jun/18"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/sep/0"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/jun/36"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201503-04"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:039"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032909"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62517"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62640"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62667"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62680"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62681"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62688"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62690"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62691"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62692"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62698"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62715"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62758"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62812"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62813"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62816"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62865"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62870"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62871"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62879"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/62883"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142781412222323\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10671"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=143145428124857\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10100"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142296726407499\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2015-january/001186.html"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.8,
        "url": "http://www.openwall.com/lists/oss-security/2015/01/27/9"
      },
      {
        "trust": 0.8,
        "url": "https://security-tracker.debian.org/tracker/cve-2015-0235"
      },
      {
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0099.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.slackware.com/security/list.php?l=slackware-security\u0026y=2015"
      },
      {
        "trust": 0.8,
        "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/ghost"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4357"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4357"
      },
      {
        "trust": 0.8,
        "url": "https://www.openwall.com/lists/oss-security/2013/09/17/4"
      },
      {
        "trust": 0.8,
        "url": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
      },
      {
        "trust": 0.8,
        "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022060049"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/security/cve/cve-2015-0235.html"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/29?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.gnu.org/software/libc/"
      },
      {
        "trust": 0.3,
        "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16057.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/view/sp-caaanvj"
      },
      {
        "trust": 0.3,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk104443"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04560440"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10671\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-001/"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101006702"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101006704"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101006705"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097203"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04577814"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04589512"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/nov/14"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04599861"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04674742"
      },
      {
        "trust": 0.3,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00000.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/2f11f-5117bc2506e9f/cert_security_mini_bulletin_xrx15j_for_connectkey_1.5_r15-02_v1-1.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/48"
      },
      {
        "trust": 0.3,
        "url": "https://securityadvisories.paloaltonetworks.com/home/detail/29"
      },
      {
        "trust": 0.3,
        "url": "http://supportdocs.polycom.com/polycomservice/support/global/documents/support/documentation/security_advisory_ghost_v_2_0.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005056"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696466"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696640"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098317"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097331"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005064"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696204"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696630"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697192"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695967"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022050"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695859"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696461"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097163"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005172"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097332"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697268"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005063"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005062"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005122"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696416"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020559"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022015"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005068"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695947"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697250"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698044"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695637"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696066"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-064-01"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/967332"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.2,
        "url": "https://seclists.org/oss-sec/2015/q1/274."
      },
      {
        "trust": 0.2,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.2,
        "url": "https://twitter.com/sec_consult"
      },
      {
        "trust": 0.2,
        "url": "http://blog.sec-consult.com"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0235"
      },
      {
        "trust": 0.2,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0092.html"
      },
      {
        "trust": 0.1,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10671"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10100"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142296726407499\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142781412222323\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142722450701342\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142721102728110\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143145428124857\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5936"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5924"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5933"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5939"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6563"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6151"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5932"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205265."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
      },
      {
        "trust": 0.1,
        "url": "http://www.wago.us/wago/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2716"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/career/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4412"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
      },
      {
        "trust": 0.1,
        "url": "https://www.wago.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3856"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1813"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12550"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/contact/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6656"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7817"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39278"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/en/about-us/corporate-responsibility"
      },
      {
        "trust": 0.1,
        "url": "https://sec-consult.com/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7423"
      },
      {
        "trust": 0.1,
        "url": "https://sec-consult.com/vulnerability-lab/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1234"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39279"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
      },
      {
        "trust": 0.1,
        "url": "https://sec-consult.com/career/"
      },
      {
        "trust": 0.1,
        "url": "http://192.168.1.1/forms/web_importtftp?servip=192.168.1.1\u0026configpath=/\u0026filename=name|`ping"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181"
      },
      {
        "db": "BID",
        "id": "72325"
      },
      {
        "db": "PACKETSTORM",
        "id": "134055"
      },
      {
        "db": "PACKETSTORM",
        "id": "133803"
      },
      {
        "db": "PACKETSTORM",
        "id": "153278"
      },
      {
        "db": "PACKETSTORM",
        "id": "130987"
      },
      {
        "db": "PACKETSTORM",
        "id": "130098"
      },
      {
        "db": "PACKETSTORM",
        "id": "130333"
      },
      {
        "db": "PACKETSTORM",
        "id": "130114"
      },
      {
        "db": "PACKETSTORM",
        "id": "130163"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0235"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#967332",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-78181",
        "ident": null
      },
      {
        "db": "BID",
        "id": "72325",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "134055",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "133803",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "153278",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "130987",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "130098",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "130333",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "130114",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "130163",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164014",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "132518",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007061",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0235",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2015-01-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#967332",
        "ident": null
      },
      {
        "date": "2015-01-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78181",
        "ident": null
      },
      {
        "date": "2015-01-27T00:00:00",
        "db": "BID",
        "id": "72325",
        "ident": null
      },
      {
        "date": "2015-10-21T19:32:22",
        "db": "PACKETSTORM",
        "id": "134055",
        "ident": null
      },
      {
        "date": "2015-10-01T16:33:47",
        "db": "PACKETSTORM",
        "id": "133803",
        "ident": null
      },
      {
        "date": "2019-06-13T19:33:38",
        "db": "PACKETSTORM",
        "id": "153278",
        "ident": null
      },
      {
        "date": "2015-03-24T17:05:09",
        "db": "PACKETSTORM",
        "id": "130987",
        "ident": null
      },
      {
        "date": "2015-01-27T18:04:25",
        "db": "PACKETSTORM",
        "id": "130098",
        "ident": null
      },
      {
        "date": "2015-02-10T17:42:58",
        "db": "PACKETSTORM",
        "id": "130333",
        "ident": null
      },
      {
        "date": "2015-01-27T19:35:59",
        "db": "PACKETSTORM",
        "id": "130114",
        "ident": null
      },
      {
        "date": "2015-01-29T18:21:00",
        "db": "PACKETSTORM",
        "id": "130163",
        "ident": null
      },
      {
        "date": "2021-09-01T15:42:52",
        "db": "PACKETSTORM",
        "id": "164014",
        "ident": null
      },
      {
        "date": "2015-07-01T05:31:53",
        "db": "PACKETSTORM",
        "id": "132518",
        "ident": null
      },
      {
        "date": "2015-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-658",
        "ident": null
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007061",
        "ident": null
      },
      {
        "date": "2015-01-28T19:59:00.063000",
        "db": "NVD",
        "id": "CVE-2015-0235",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2015-10-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#967332",
        "ident": null
      },
      {
        "date": "2021-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78181",
        "ident": null
      },
      {
        "date": "2018-10-17T06:00:00",
        "db": "BID",
        "id": "72325",
        "ident": null
      },
      {
        "date": "2022-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-658",
        "ident": null
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007061",
        "ident": null
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-0235",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#967332"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-658"
      }
    ],
    "trust": 0.6
  }
}

VAR-201905-0784

Vulnerability from variot - Updated: 2024-11-23 23:01

An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. plural Polycom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0784",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "group series",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "polycom",
        "version": "6.1.6.1"
      },
      {
        "model": "pano",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "polycom",
        "version": "1.1.1"
      },
      {
        "model": "hdx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "polycom",
        "version": "3.1.12"
      },
      {
        "model": "hdx system software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "polycom",
        "version": "3.1.12"
      },
      {
        "model": "pano",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "1.1.1"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "3.1.12"
      },
      {
        "model": "group series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.1.6"
      },
      {
        "model": "group series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.1.5"
      },
      {
        "model": "group series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.1.4"
      },
      {
        "model": "group series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.1.3"
      },
      {
        "model": "group series",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "6.1.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:polycom:group_series",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:polycom:pano",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:polycom:hdx_system_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Frank Cozijnsen from KPN",
    "sources": [
      {
        "db": "BID",
        "id": "108430"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-15128",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-15128",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-15128",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-15128",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-15128",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-301",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-15128",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-15128"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. plural Polycom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "BID",
        "id": "108430"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15128"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-15128",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108430",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15128",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-15128"
      },
      {
        "db": "BID",
        "id": "108430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "id": "VAR-201905-0784",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.31323528
  },
  "last_update_date": "2024-11-23T23:01:49.973000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SECURITY BULLETIN - Remote Code Execution Vulnerability Found in Group Series - Bulletin Version 1.0",
        "trust": 0.8,
        "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
      },
      {
        "title": "Polycom Group Series Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92478"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15128"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15128"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-15128"
      },
      {
        "db": "BID",
        "id": "108430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2018-15128"
      },
      {
        "db": "BID",
        "id": "108430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-15128"
      },
      {
        "date": "2018-11-01T00:00:00",
        "db": "BID",
        "id": "108430"
      },
      {
        "date": "2019-06-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      },
      {
        "date": "2019-05-13T14:29:00.440000",
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-15128"
      },
      {
        "date": "2018-11-01T00:00:00",
        "db": "BID",
        "id": "108430"
      },
      {
        "date": "2019-06-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      },
      {
        "date": "2024-11-21T03:50:21.940000",
        "db": "NVD",
        "id": "CVE-2018-15128"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Polycom Product buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015419"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-301"
      }
    ],
    "trust": 0.6
  }
}

VAR-201303-0507

Vulnerability from variot - Updated: 2022-05-17 02:07

Polycom HDX Series are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized root access to the affected device; this may aid in launching further attacks.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0507",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40000"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40003.1.12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58523"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "n.runs AG",
    "sources": [
      {
        "db": "BID",
        "id": "58523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ],
    "trust": 0.9
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series are prone to a security-bypass vulnerability.\nAn attacker can exploit this issue to bypass certain security restrictions and gain unauthorized root access to the affected device; this may aid in launching further attacks.",
    "sources": [
      {
        "db": "BID",
        "id": "58523"
      }
    ],
    "trust": 0.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58523",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ]
  },
  "id": "VAR-201303-0507",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2159091
  },
  "last_update_date": "2022-05-17T02:07:15.395000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/58523"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58523"
      },
      {
        "date": "2013-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58523"
      },
      {
        "date": "2013-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series Security bypass vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-342"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "58523"
      }
    ],
    "trust": 0.3
  }
}

VAR-201303-0456

Vulnerability from variot - Updated: 2022-05-17 02:02

Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code with root access in the context of the vulnerable device. Failed exploit attempts will likely result in a denial-of-service condition.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40000"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40003.1.12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58525"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moritz Jodeit of n.runs AG",
    "sources": [
      {
        "db": "BID",
        "id": "58525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ],
    "trust": 0.9
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.\nAn attacker may exploit this issue to execute arbitrary code with root  access in the context of the vulnerable device. Failed exploit  attempts will likely result in a denial-of-service condition.",
    "sources": [
      {
        "db": "BID",
        "id": "58525"
      }
    ],
    "trust": 0.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58525",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ]
  },
  "id": "VAR-201303-0456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2159091
  },
  "last_update_date": "2022-05-17T02:02:35.342000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/58525"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58525"
      },
      {
        "date": "2013-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58525"
      },
      {
        "date": "2013-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series \u2018 H.323 \u003c/ formatting string vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-340"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "58525"
      }
    ],
    "trust": 0.3
  }
}

VAR-201801-1848

Vulnerability from variot - Updated: 2022-05-17 01:52

PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. HDX 3.1.11 hotfix 1 and prior versions are affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1848",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hdx hotfix",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "polycom",
        "version": "3.1.111"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "polycom",
        "version": "3.1.11"
      },
      {
        "model": "hdx hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "3.1.112"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "db": "BID",
        "id": "101973"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SensePost.",
    "sources": [
      {
        "db": "BID",
        "id": "101973"
      }
    ],
    "trust": 0.3
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-01931",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2018-01931",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. \nHDX 3.1.11 hotfix 1 and prior versions are affected",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "db": "BID",
        "id": "101973"
      }
    ],
    "trust": 0.81
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "101973",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "db": "BID",
        "id": "101973"
      }
    ]
  },
  "id": "VAR-201801-1848",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      }
    ],
    "trust": 1.08295455
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:52:35.878000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for PolycomHDX Endpoint Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/114453"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/101973/"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/secruity-advisory-hdx.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "db": "BID",
        "id": "101973"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "db": "BID",
        "id": "101973"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "date": "2017-11-24T00:00:00",
        "db": "BID",
        "id": "101973"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "101973"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "101973"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Endpoint Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01931"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "101973"
      }
    ],
    "trust": 0.3
  }
}

VAR-201203-0516

Vulnerability from variot - Updated: 2022-05-17 01:45

Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0516",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web management interface g3/hdx hd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "8000"
      },
      {
        "model": "linux development platform 2.14.g3",
        "scope": null,
        "trust": 0.3,
        "vendor": "polycom",
        "version": null
      },
      {
        "model": "hdx video end points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "2.6"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80000"
      },
      {
        "model": "durango build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "2.64740"
      },
      {
        "model": "durango",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "2.6"
      },
      {
        "model": "uc apl 2.7.1.j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": null
      },
      {
        "model": "hdx video end points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "3.0.4"
      },
      {
        "model": "hdx video end points",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "52301"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jo??o Paulo Caldas Campello",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ],
    "trust": 0.6
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.\nRemote attackers can use a specially crafted request with  directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files in the  context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.",
    "sources": [
      {
        "db": "BID",
        "id": "52301"
      }
    ],
    "trust": 0.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "52301",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "52301"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ]
  },
  "id": "VAR-201203-0516",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2159091
  },
  "last_update_date": "2022-05-17T01:45:31.714000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/52301"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2012/mar/18?utm_source=twitterfeed\u0026utm_medium=twitter"
      },
      {
        "trust": 0.3,
        "url": "http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      },
      {
        "trust": 0.3,
        "url": "http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "52301"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "52301"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-03-05T00:00:00",
        "db": "BID",
        "id": "52301"
      },
      {
        "date": "2012-03-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-02-13T09:01:00",
        "db": "BID",
        "id": "52301"
      },
      {
        "date": "2012-03-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom Directory Traversal Vulnerabilities and Command Injection Vulnerabilities",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-053"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "52301"
      }
    ],
    "trust": 0.3
  }
}

VAR-201303-0508

Vulnerability from variot - Updated: 2022-05-17 01:45

Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0508",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "polycom",
        "version": "6000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "polycom",
        "version": "7000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "polycom",
        "version": "8000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "polycom",
        "version": "9000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40000"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40003.1.12"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "db": "BID",
        "id": "58524"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moritz Jodeit of n.runs AG",
    "sources": [
      {
        "db": "BID",
        "id": "58524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-02164",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2013-02164",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "db": "BID",
        "id": "58524"
      }
    ],
    "trust": 0.81
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58524",
        "trust": 1.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "db": "BID",
        "id": "58524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ]
  },
  "id": "VAR-201303-0508",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      }
    ],
    "trust": 0.8159090999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:45:25.568000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Polycom HDX Series SQL Injection Vulnerability (CNVD-2013-02164)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/32994"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/58524"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2013/mar/97"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "db": "BID",
        "id": "58524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "db": "BID",
        "id": "58524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58524"
      },
      {
        "date": "2013-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-02164"
      },
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58524"
      },
      {
        "date": "2013-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series Remote Command Injection Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "58524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-341"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "58524"
      }
    ],
    "trust": 0.3
  }
}

VAR-201303-0457

Vulnerability from variot - Updated: 2022-05-17 01:43

Polycom HDX Series devices are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0457",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60000"
      },
      {
        "model": "hdx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40000"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "90003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "80003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "70003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "60003.1.12"
      },
      {
        "model": "hdx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "polycom",
        "version": "40003.1.12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58526"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moritz Jodeit of n.runs AG",
    "sources": [
      {
        "db": "BID",
        "id": "58526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ],
    "trust": 0.9
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series devices are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.\nExploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.",
    "sources": [
      {
        "db": "BID",
        "id": "58526"
      }
    ],
    "trust": 0.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58526",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ]
  },
  "id": "VAR-201303-0457",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2159091
  },
  "last_update_date": "2022-05-17T01:43:25.548000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/58526"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2013/mar/98"
      },
      {
        "trust": 0.3,
        "url": "http://www.polycom.com/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "58526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58526"
      },
      {
        "date": "2013-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-03-15T00:00:00",
        "db": "BID",
        "id": "58526"
      },
      {
        "date": "2013-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Polycom HDX Series SQL Injection Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "58526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201303-339"
      }
    ],
    "trust": 0.6
  }
}

CVE-2018-15128 (GCVE-0-2018-15128)

Vulnerability from nvd – Published: 2019-05-13 13:18 – Updated: 2024-08-05 09:46

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CVE-2018-15128 (GCVE-0-2018-15128)

Vulnerability from cvelistv5 – Published: 2019-05-13 13:18 – Updated: 2024-08-05 09:46

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Search criteria ⓘ Use full-text search for keyword queries. Combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by dates instead of relevance.

10 vulnerabilities found for hdx by polycom

Example for SSH:

Vulnerable / tested versions:

Vendor contact timeline:

Solution:

Workaround:

CVSS 2.0 Base Metrics

upgradepkg glibc-*

Vendor description:

Business recommendation:

Vulnerability overview/description:

Proof of concept:

Vulnerable / tested versions:

Vendor contact timeline:

Solution:

Workaround:

Advisory URL:

CVE-2018-15128 (GCVE-0-2018-15128)

CVE-2018-15128 (GCVE-0-2018-15128)

Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.