Search
Find a vulnerability
Search criteria
107 vulnerabilities by canon
VAR-202006-0391
Vulnerability from variot - Updated: 2026-04-10 22:22The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted. A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan. A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the the Internet can pose further security vulnerabilities than the one described in this vulnerability note. Open Connectivity Foundation UPnP There is a vulnerability in the specification regarding improper default permissions.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A security vulnerability exists in UPnP versions prior to 2020-04-17.
CVE-2020-12695
It was discovered that hostapd does not properly handle UPnP
subscribe messages under certain conditions, allowing an attacker to
cause a denial of service.
CVE-2021-0326
It was discovered that wpa_supplicant does not properly process P2P
(Wi-Fi Direct) group information from active group owners. An
attacker within radio range of the device running P2P could take
advantage of this flaw to cause a denial of service or potentially
execute arbitrary code.
CVE-2021-27803
It was discovered that wpa_supplicant does not properly process
P2P (Wi-Fi Direct) provision discovery requests. An attacker
within radio range of the device running P2P could take advantage
of this flaw to cause a denial of service or potentially execute
arbitrary code.
For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.
We recommend that you upgrade your wpa packages.
For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU Ia860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b q7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB 9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529 5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS BaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB wOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN 7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a aP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV BNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi e5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0= =CU/j -----END PGP SIGNATURE----- . In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: gssdp and gupnp security update Advisory ID: RHSA-2021:1789-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1789 Issue date: 2021-05-18 CVE Names: CVE-2020-12695 ==================================================================== 1. Summary:
An update for gssdp and gupnp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.
The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)
Security Fix(es):
- hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: gssdp-1.0.5-1.el8.src.rpm gupnp-1.0.6-1.el8.src.rpm
aarch64: gssdp-1.0.5-1.el8.aarch64.rpm gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-1.0.6-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm
ppc64le: gssdp-1.0.5-1.el8.ppc64le.rpm gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-1.0.6-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-1.0.5-1.el8.s390x.rpm gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-1.0.6-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-1.0.5-1.el8.i686.rpm gssdp-1.0.5-1.el8.x86_64.rpm gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-1.0.6-1.el8.i686.rpm gupnp-1.0.6-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-devel-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm gupnp-devel-1.0.6-1.el8.aarch64.rpm
noarch: gssdp-docs-1.0.5-1.el8.noarch.rpm
ppc64le: gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-devel-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm gupnp-devel-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-devel-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm gupnp-devel-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-devel-1.0.5-1.el8.i686.rpm gssdp-devel-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm gupnp-devel-1.0.6-1.el8.i686.rpm gupnp-devel-1.0.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-12695 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6 uJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl Lw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P ++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7 izSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k MK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH fYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh YtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu m+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN HJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET V/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a 7bb2GlcOcWo=2GSN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4722-1 February 04, 2021
minidlna vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
ReadyMedia (MiniDLNA) could be made to crash if it received specially crafted input. (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: minidlna 1.2.1+dfsg-2ubuntu0.1
Ubuntu 20.04 LTS: minidlna 1.2.1+dfsg-1ubuntu0.20.04.1
Ubuntu 18.04 LTS: minidlna 1.2.1+dfsg-1ubuntu0.18.04.1
Ubuntu 16.04 LTS: minidlna 1.1.5+dfsg-2ubuntu0.1
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "envy 4524 k9t01a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "vmg8324-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "5030 m2u92b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5542 k7c88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "adsl",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "envy 6020 5se16b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 114 cq812a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4654 f1j07b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5531",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4505 a9t86a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 111 cq810a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 a9t80b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4502 a9t85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5547 j6u64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5664 f8b08a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 5575 g0v48b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4503 e6g71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 k7r96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4502 a9t87b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5530",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5546 k7c90a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5642 b9s64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-8600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4675 f1h97b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5536",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 7645 e4w44a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6234 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4513 k9h51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4538 f0v66b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6020 5se17a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 114 cq811b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5545 g0v50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "b1165nfw",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4515",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wap131",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "envy 4520 f0v63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ep-101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-702",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-330",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-970",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "officejet 4652 k9v84b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7155 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4522 f0v67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4520 e6g67b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 a9t80a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4526 k9t05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-320",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "officejet 4650 f1h96b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ew-m970a3t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 100 cn517a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3548 a9t81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4658 v6d30b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 k7s10d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4511 k9h50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4508 e6g72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-4105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy photo 6252 k7g22a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "m571t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 5575 g0v48c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4654 f1j06b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 z4a54a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6455 5se45a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wap351",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "envy 5541 k7g89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4509 d3p94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7164 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-2101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 4504 c8d04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4535 f0v64c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5535",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4512 k9h49a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4535 f0v64b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hostapd",
"scope": "lt",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.0.0"
},
{
"_id": null,
"model": "wap150",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "officejet 4655 k9v82b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5640 b9s58a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6020 6wd35a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4528 k9t08b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "zxv10 w300",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"_id": null,
"model": "envy photo 6222 y0k14d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4675 f1h97c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 3xd89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4535 f0v64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"_id": null,
"model": "deskjet ink advantage 4675 f1h97a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 k7s00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-630",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-620",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 6wd16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4650 e6g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "unifi controller",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4676 f1h98a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 a9t89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3456 a9t84c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "5660 f8b04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5643 b9s63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "selphy cp1200",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "envy photo 7120 z3m41d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4516 k9h52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4655 f1j00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6540 b9s59a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5532",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 7644 e4w46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq812c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3545 a9t81a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-4100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 100 cn517c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "5020 z4a69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 y0g52b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 120 cz022a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7822 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "dvg-n5412sp",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4523 j6u60b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7800 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4507 e6g70b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn519b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5544 k7c89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4521 k9t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 120 cz022b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 5se46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 6wd14a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4652 f1j02a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 k7g93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4518",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4650 f1h96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5646 f8b05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5665 f8b06a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 7640",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5543 n9u88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5544 k7c93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hg255s",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "envy pro 6420 5se45b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "xp-2105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5539",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5644 b9s65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn519a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4501 c8d05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4509 d3p94a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4655 k9v79a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v53a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"_id": null,
"model": "envy 5640 b9s56a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4656 k9v81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "envy photo 6200 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6220 k7g20d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-340",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "hg532e",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "envy 4520 f0v63b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "5030 z4a70a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4524 f0v71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 110 cq809c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6020 7cz37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4536 f0v65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6230 k7g25b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7822 y0g43d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn517b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 120 cz022c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4500 d3p93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-960",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "envy 4520 f0v69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4525 k9t09b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "zonedirector 1200",
"scope": "eq",
"trust": 1.0,
"vendor": "ruckussecurity",
"version": null
},
{
"_id": null,
"model": "envy photo 6232 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "5034 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "envy 4520 e6g67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy pro 6452 5se47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wr8165n",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3545 a9t83b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 4678 f1h99b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3546 a9t82a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4527 j6u61b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5548 k7g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6220 k7g21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-8500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "xp-440",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4504 a9t88b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 k7g18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7100 z3m37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5020 m2u91b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 4524 f0v72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "officejet 4657 v6d29b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xp-241",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"_id": null,
"model": "deskjet ink advantage 3545 a9t81c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "xbox one",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19041.2494"
},
{
"_id": null,
"model": "envy 5534",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5000 m2u85b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 100 cn518a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rt-n11",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"_id": null,
"model": "amg1202-t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "officejet 4652 f1j05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wnhde111",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"_id": null,
"model": "envy 114 cq811a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 7830 y0g50b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5540 g0v52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6055 5se16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 5540 f2e72a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6222 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy photo 6200 y0k15a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "archer c50",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": null
},
{
"_id": null,
"model": "envy 5540 k7c85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "envy 6052 5se18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rt-n11",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"_id": null,
"model": "adsl",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "dvg-n5412sp",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "unifi controller",
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"_id": null,
"model": "hostapd",
"scope": null,
"trust": 0.8,
"vendor": "w1 fi",
"version": null
},
{
"_id": null,
"model": "selphy cp1200",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "wap131",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wap150",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wap351",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "b1165nfw",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-n11",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:broadcom:adsl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dvg-n5412sp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ubiquiti_networks:unifi_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:w1.fi:hostapd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:selphy_cp1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap131",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap150",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:wap351",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:b1165nfw",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"credits": {
"_id": null,
"data": "This vulnerability was reported by Yunus \u00c7adirci from EY Turkey. This document was written by Vijay Sarvepalli. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
}
],
"trust": 0.8
},
"cve": "CVE-2020-12695",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12695",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-165399",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2020-12695",
"impactScore": 4.7,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006708",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-165399",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"description": {
"_id": null,
"data": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted. A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan. A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the the Internet can pose further security vulnerabilities than the one described in this vulnerability note. Open Connectivity Foundation UPnP There is a vulnerability in the specification regarding improper default permissions.Information is obtained and service operation is interrupted (DoS) It may be put into a state. A security vulnerability exists in UPnP versions prior to 2020-04-17. \n\nCVE-2020-12695\n\n It was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service. \n\nCVE-2021-0326\n\n It was discovered that wpa_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code. \n\nCVE-2021-27803\n\n It was discovered that wpa_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3. \n\nWe recommend that you upgrade your wpa packages. \n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU\nIa860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b\nq7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB\n9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529\n5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS\nBaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB\nwOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN\n7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a\naP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV\nBNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi\ne5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0=\n=CU/j\n-----END PGP SIGNATURE-----\n. In addition minidlna was susceptible to the\n\"CallStranger\" UPnP vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: gssdp and gupnp security update\nAdvisory ID: RHSA-2021:1789-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1789\nIssue date: 2021-05-18\nCVE Names: CVE-2020-12695\n====================================================================\n1. Summary:\n\nAn update for gssdp and gupnp is now available for Red Hat Enterprise Linux\n8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGUPnP is an object-oriented open source framework for creating UPnP devices\nand control points, written in C using GObject and libsoup. The GUPnP API\nis intended to be easy to use, efficient and flexible. \n\nGSSDP implements resource discovery and announcement over SSDP and is part\nof gUPnP. \n\nThe following packages have been upgraded to a later upstream version:\ngssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\ngssdp-1.0.5-1.el8.src.rpm\ngupnp-1.0.6-1.el8.src.rpm\n\naarch64:\ngssdp-1.0.5-1.el8.aarch64.rpm\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-1.0.6-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\n\nppc64le:\ngssdp-1.0.5-1.el8.ppc64le.rpm\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-1.0.6-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-1.0.5-1.el8.s390x.rpm\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-1.0.6-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-1.0.5-1.el8.i686.rpm\ngssdp-1.0.5-1.el8.x86_64.rpm\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-1.0.6-1.el8.i686.rpm\ngupnp-1.0.6-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-devel-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\ngupnp-devel-1.0.6-1.el8.aarch64.rpm\n\nnoarch:\ngssdp-docs-1.0.5-1.el8.noarch.rpm\n\nppc64le:\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-devel-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\ngupnp-devel-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-devel-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\ngupnp-devel-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-devel-1.0.5-1.el8.i686.rpm\ngssdp-devel-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\ngupnp-devel-1.0.6-1.el8.i686.rpm\ngupnp-devel-1.0.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-12695\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6\nuJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl\nLw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P\n++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7\nizSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k\nMK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH\nfYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh\nYtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu\nm+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN\nHJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET\nV/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a\n7bb2GlcOcWo=2GSN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4722-1\nFebruary 04, 2021\n\nminidlna vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nReadyMedia (MiniDLNA) could be made to crash if it received specially crafted\ninput. (CVE-2020-12695)\n\nIt was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. \nA remote attacker could send a malicious UPnP HTTP request to the service\nusing HTTP chunked encoding and cause a denial of service. \n(CVE-2020-28926)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n minidlna 1.2.1+dfsg-2ubuntu0.1\n\nUbuntu 20.04 LTS:\n minidlna 1.2.1+dfsg-1ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n minidlna 1.2.1+dfsg-1ubuntu0.18.04.1\n\nUbuntu 16.04 LTS:\n minidlna 1.1.5+dfsg-2ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12695"
},
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161397"
}
],
"trust": 3.06
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12695",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#339275",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "158051",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/08/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161288",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162672",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159172",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021122905",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052202",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0417",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4372",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2705",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2733",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3160",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161397",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161444",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-37941",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169049",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168951",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"id": "VAR-202006-0391",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
}
],
"trust": 0.6724206283333333
},
"last_update_date": "2026-04-10T22:22:02.011000Z",
"patch": {
"_id": null,
"data": [
{
"title": "RT-N11",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RTN11/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "Canon SELPHY CP1200",
"trust": 0.8,
"url": "https://en.canon-me.com/support/consumer_products/products/printers/compact_photo/cd__cp_series/selphy_cp1200.html?type=drivers\u0026language=\u0026os=windows%208.1%20(64-bit)"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://us.dlink.com/en/consumer"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dell.com/en-us"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://community.ui.com/"
},
{
"title": "hostapd",
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/JVNDB-2019-013311.html"
},
{
"title": "Debian CVElist Bug Report Logs: wpa: CVE-2020-12695",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cdef40da4b3b6b2f4fcf08e447d20494"
},
{
"title": "Debian Security Advisories: DSA-4806-1 minidlna -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5e0b1e00748aee507290bde9650370c7"
},
{
"title": "Arch Linux Advisories: [ASA-202012-16] hostapd: proxy injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-16"
},
{
"title": "Debian Security Advisories: DSA-4898-1 wpa -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2832d7aeef980951ddf42089219be7b3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-12695 log"
},
{
"title": "awesome-from-stars",
"trust": 0.1,
"url": "https://github.com/krzemienski/awesome-from-stars "
},
{
"title": "callstranger-detector",
"trust": 0.1,
"url": "https://github.com/corelight/callstranger-detector "
},
{
"title": "CallStranger",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/CallStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Xcod3bughunt3r/CallStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/DIALStranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aoeII/asuswrt-for-Tenda-AC9-Router "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"trust": 2.5,
"url": "https://github.com/yunuscadirci/callstranger"
},
{
"trust": 2.5,
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158051/callstranger-upnp-vulnerability-checker.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"trust": 1.7,
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"trust": 1.7,
"url": "https://github.com/corelight/callstranger-detector"
},
{
"trust": 1.7,
"url": "https://www.callstranger.com"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12695"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.8,
"url": "https://callstranger.com"
},
{
"trust": 0.8,
"url": "https://openconnectivity.org/developer/specifications/upnp-resources/upnp/"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/search/?q=upnp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12695"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta95827565/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052202"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4372/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162672/red-hat-security-advisory-2021-1789-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0417"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3160/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2733/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1382"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159172/ubuntu-security-notice-usn-4494-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0575"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2705/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315/"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-01-upnp-cn"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161288/ubuntu-security-notice-usn-4722-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/upnp-information-disclosure-via-subscribe-delivery-url-32701"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0326"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27803"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpa"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/minidlna"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12695"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4494-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.1.5+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4722-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu8.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4734-1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#339275",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-165399",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-12695",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169049",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168951",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162672",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159172",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161288",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161397",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12695",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#339275",
"ident": null
},
{
"date": "2020-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-165399",
"ident": null
},
{
"date": "2020-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695",
"ident": null
},
{
"date": "2021-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169049",
"ident": null
},
{
"date": "2020-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "168951",
"ident": null
},
{
"date": "2021-05-19T14:10:26",
"db": "PACKETSTORM",
"id": "162672",
"ident": null
},
{
"date": "2020-09-15T17:05:32",
"db": "PACKETSTORM",
"id": "159172",
"ident": null
},
{
"date": "2021-02-04T21:34:49",
"db": "PACKETSTORM",
"id": "161288",
"ident": null
},
{
"date": "2021-02-12T17:29:06",
"db": "PACKETSTORM",
"id": "161397",
"ident": null
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597",
"ident": null
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"ident": null
},
{
"date": "2020-06-08T17:15:09.973000",
"db": "NVD",
"id": "CVE-2020-12695",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-07-08T00:00:00",
"db": "CERT/CC",
"id": "VU#339275",
"ident": null
},
{
"date": "2021-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-165399",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695",
"ident": null
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597",
"ident": null
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"ident": null
},
{
"date": "2024-11-21T05:00:05.367000",
"db": "NVD",
"id": "CVE-2020-12695",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.6
}
}
VAR-200604-0209
Vulnerability from variot - Updated: 2026-03-09 23:02Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. This can cause a variety of impacts, such as causing IE to crash. Microsoft Internet Explorer (IE) fails to properly handle HTA files. This vulnerability occurs when the browser parses invalid HTML. Attackers can exploit this vulnerability through a malicious web page or HTML email. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities
Original release date: April 11, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for April 2006.
I. Description
Microsoft Security Bulletin Summary for April 2006 addresses vulnerabilities in Microsoft Windows and Internet Explorer. (CVE-2006-0012)
II. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker may also be able to cause a denial of service.
III. Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the US-CERT Vulnerability Notes for workarounds. Many of these vulnerabilities can be mitigated by following the instructions listed in the Securing Your Web Browser document.
Appendix A. References
* Microsoft Security Bulletin Summary for April 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx>
* US-CERT Vulnerability Note VU#876678 -
<http://www.kb.cert.org/vuls/id/876678>
* US-CERT Vulnerability Note VU#984473 -
<http://www.kb.cert.org/vuls/id/984473>
* US-CERT Vulnerability Note VU#434641 -
<http://www.kb.cert.org/vuls/id/434641>
* US-CERT Vulnerability Note VU#503124 -
<http://www.kb.cert.org/vuls/id/503124>
* US-CERT Vulnerability Note VU#959049 -
<http://www.kb.cert.org/vuls/id/959049>
* US-CERT Vulnerability Note VU#824324 -
<http://www.kb.cert.org/vuls/id/824324>
* US-CERT Vulnerability Note VU#341028 -
<http://www.kb.cert.org/vuls/id/341028>
* US-CERT Vulnerability Note VU#234812 -
<http://www.kb.cert.org/vuls/id/234812>
* US-CERT Vulnerability Note VU#641460 -
<http://www.kb.cert.org/vuls/id/641460>
* CVE-2006-1359 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1359>
* CVE-2006-1245 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1245>
* CVE-2006-1388 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1388>
* CVE-2006-1185 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1185>
* CVE-2006-1186 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1186>
* CVE-2006-1188 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1188>
* CVE-2006-1189 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1189>
* CVE-2006-0003 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0003>
* CVE-2006-0012 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0012>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#Internet_Ex
plorer>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-101A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-101A Feedback VU#876678" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
Apr 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRDwj9n0pj593lg50AQInJggAoOBNa20SU8JukBoK5elr5vWOLcAjycHt Cg0+064ncCpQXoWiYPrLGVzg4/MCTVUygbYl85cePp5cHSHqpfuYXoBuZwSKu36+ olQdkbU1ejViA8A0XPsQ3EgtIRlDZSgL1ncYlRM8QxK8CF7QV616ta8q6H/3EDMM i+tXy6gzQMqJeUthopzGcfpf6U5Qu9PCk/+Pj66GfFhHpARanLef2H28WFRazC+I R+vLGLFLV0gp1Iy7t267l1BhN1w1z+fXD0WwYkiTwb0mzeize8Amdqlb5c4Vn4wh HAF/XGiCe5qkMhM7kRLA70JsNfSkI38JPHWSo9/a04wFBKENCAwNpA== =w6IC -----END PGP SIGNATURE----- .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Internet Explorer "javaprxy.dll" Memory Corruption Vulnerability
SECUNIA ADVISORY ID: SA15891
VERIFY ADVISORY: http://secunia.com/advisories/15891/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/
DESCRIPTION: SEC Consult has reported a vulnerability in Microsoft Internet Explorer, which potentially can be exploited by malicious people to compromise a user's system. This can be exploited via a malicious web site to cause a memory corruption.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0.
SOLUTION: The vendor recommends setting Internet and Local intranet security zone settings to "High".
PROVIDED AND/OR DISCOVERED BY: sk0L and Martin Eiszner, SEC Consult.
ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/903144.mspx
SEC Consult: http://www.sec-consult.com/184.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": null,
"scope": null,
"trust": 7.2,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6"
},
{
"_id": null,
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.01"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.01"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003 for itanium-based systems"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003 x64 edition"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows xp"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows xp professional x64 edition"
},
{
"_id": null,
"model": "internet explorer sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"_id": null,
"model": "internet explorer sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"_id": null,
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"_id": null,
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"_id": null,
"model": "internet explorer for windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.14.0"
},
{
"_id": null,
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.198"
},
{
"_id": null,
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.195"
},
{
"_id": null,
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.12000"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"_id": null,
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.098"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#503124"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "BID",
"id": "17450"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
},
{
"db": "NVD",
"id": "CVE-2006-1185"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:internet_explorer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
}
]
},
"credits": {
"_id": null,
"data": "Jan P. Monsch jan.monsch@csnc.ch",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1185",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-1185",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-17293",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-1185",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#876678",
"trust": 0.8,
"value": "35.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#680526",
"trust": 0.8,
"value": "28.35"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#984473",
"trust": 0.8,
"value": "23.01"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#641460",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#341028",
"trust": 0.8,
"value": "32.40"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#503124",
"trust": 0.8,
"value": "29.70"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#434641",
"trust": 0.8,
"value": "25.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#740372",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#939605",
"trust": 0.8,
"value": "44.55"
},
{
"author": "NVD",
"id": "CVE-2006-1185",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-144",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-17293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#503124"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "VULHUB",
"id": "VHN-17293"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
},
{
"db": "NVD",
"id": "CVE-2006-1185"
}
]
},
"description": {
"_id": null,
"data": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. This can cause a variety of impacts, such as causing IE to crash. Microsoft Internet Explorer (IE) fails to properly handle HTA files. This vulnerability occurs when the browser parses invalid HTML. \nAttackers can exploit this vulnerability through a malicious web page or HTML email. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-101A\n\n\nMicrosoft Windows and Internet Explorer Vulnerabilities\n\n Original release date: April 11, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Explorer\n\n For more complete information, refer to the Microsoft Security\n Bulletin Summary for April 2006. \n\n\nI. Description\n\n Microsoft Security Bulletin Summary for April 2006 addresses\n vulnerabilities in Microsoft Windows and Internet Explorer. \n (CVE-2006-0012)\n\n\nII. If the user is logged on with\n administrative privileges, the attacker could take complete control of\n an affected system. An attacker may also be able to cause a denial of\n service. \n\n\nIII. Solution\n\nApply Updates\n\n Microsoft has provided updates for these vulnerabilities in the\n Security Bulletins and on the Microsoft Update site. \n\nWorkarounds\n\n Please see the US-CERT Vulnerability Notes for workarounds. Many of\n these vulnerabilities can be mitigated by following the instructions\n listed in the Securing Your Web Browser document. \n\nAppendix A. References\n\n * Microsoft Security Bulletin Summary for April 2006 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx\u003e\n\n * US-CERT Vulnerability Note VU#876678 -\n \u003chttp://www.kb.cert.org/vuls/id/876678\u003e\n\n * US-CERT Vulnerability Note VU#984473 -\n \u003chttp://www.kb.cert.org/vuls/id/984473\u003e\n\n * US-CERT Vulnerability Note VU#434641 -\n \u003chttp://www.kb.cert.org/vuls/id/434641\u003e\n\n * US-CERT Vulnerability Note VU#503124 -\n \u003chttp://www.kb.cert.org/vuls/id/503124\u003e\n\n * US-CERT Vulnerability Note VU#959049 -\n \u003chttp://www.kb.cert.org/vuls/id/959049\u003e\n\n * US-CERT Vulnerability Note VU#824324 -\n \u003chttp://www.kb.cert.org/vuls/id/824324\u003e\n\n * US-CERT Vulnerability Note VU#341028 -\n \u003chttp://www.kb.cert.org/vuls/id/341028\u003e\n\n * US-CERT Vulnerability Note VU#234812 -\n \u003chttp://www.kb.cert.org/vuls/id/234812\u003e\n\n * US-CERT Vulnerability Note VU#641460 -\n \u003chttp://www.kb.cert.org/vuls/id/641460\u003e\n\n * CVE-2006-1359 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1359\u003e\n\n * CVE-2006-1245 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1245\u003e\n\n * CVE-2006-1388 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1388\u003e\n\n * CVE-2006-1185 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1185\u003e\n\n * CVE-2006-1186 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1186\u003e\n\n * CVE-2006-1188 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1188\u003e\n\n * CVE-2006-1189 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1189\u003e\n\n * CVE-2006-0003 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0003\u003e\n\n * CVE-2006-0012 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0012\u003e\n\n * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/#Internet_Ex\n plorer\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-101A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-101A Feedback VU#876678\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n Apr 11, 2006: Initial release\n\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRDwj9n0pj593lg50AQInJggAoOBNa20SU8JukBoK5elr5vWOLcAjycHt\nCg0+064ncCpQXoWiYPrLGVzg4/MCTVUygbYl85cePp5cHSHqpfuYXoBuZwSKu36+\nolQdkbU1ejViA8A0XPsQ3EgtIRlDZSgL1ncYlRM8QxK8CF7QV616ta8q6H/3EDMM\ni+tXy6gzQMqJeUthopzGcfpf6U5Qu9PCk/+Pj66GfFhHpARanLef2H28WFRazC+I\nR+vLGLFLV0gp1Iy7t267l1BhN1w1z+fXD0WwYkiTwb0mzeize8Amdqlb5c4Vn4wh\nHAF/XGiCe5qkMhM7kRLA70JsNfSkI38JPHWSo9/a04wFBKENCAwNpA==\n=w6IC\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nInternet Explorer \"javaprxy.dll\" Memory Corruption Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15891\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15891/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMicrosoft Internet Explorer 6.x\nhttp://secunia.com/product/11/\nMicrosoft Internet Explorer 5.5\nhttp://secunia.com/product/10/\nMicrosoft Internet Explorer 5.01\nhttp://secunia.com/product/9/\n\nDESCRIPTION:\nSEC Consult has reported a vulnerability in Microsoft Internet\nExplorer, which potentially can be exploited by malicious people to\ncompromise a user\u0027s system. \nThis can be exploited via a malicious web site to cause a memory\ncorruption. \n\nThe vulnerability has been reported in versions 5.01, 5.5, and 6.0. \n\nSOLUTION:\nThe vendor recommends setting Internet and Local intranet security\nzone settings to \"High\". \n\nPROVIDED AND/OR DISCOVERED BY:\nsk0L and Martin Eiszner, SEC Consult. \n\nORIGINAL ADVISORY:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/903144.mspx\n\nSEC Consult:\nhttp://www.sec-consult.com/184.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1185"
},
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#503124"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
},
{
"db": "BID",
"id": "17450"
},
{
"db": "VULHUB",
"id": "VHN-17293"
},
{
"db": "PACKETSTORM",
"id": "45345"
},
{
"db": "PACKETSTORM",
"id": "38386"
}
],
"trust": 9.36
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-17293",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17293"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#503124",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2006-1185",
"trust": 2.9
},
{
"db": "BID",
"id": "17450",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA06-101A",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "18957",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#959049",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1318",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015900",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#740372",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#939605",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#680526",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#234812",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#876678",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#984473",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#641460",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#341028",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#434641",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15891",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "19583",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "18680",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "16373",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "19269",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "19606",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "19378",
"trust": 0.8
},
{
"db": "BID",
"id": "17181",
"trust": 0.8
},
{
"db": "BID",
"id": "14594",
"trust": 0.8
},
{
"db": "XF",
"id": "21895",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014727",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "16480",
"trust": 0.8
},
{
"db": "XF",
"id": "21193",
"trust": 0.8
},
{
"db": "BID",
"id": "14087",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "17680",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014329",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA06-101A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200604-144",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "1838",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-17293",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#824324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45345",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38386",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#503124"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "VULHUB",
"id": "VHN-17293"
},
{
"db": "BID",
"id": "17450"
},
{
"db": "PACKETSTORM",
"id": "45345"
},
{
"db": "PACKETSTORM",
"id": "38386"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
},
{
"db": "NVD",
"id": "CVE-2006-1185"
}
]
},
"id": "VAR-200604-0209",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17293"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T23:02:36.176000Z",
"patch": {
"_id": null,
"data": [
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-013.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1185"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/17450"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-101a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/503124"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1677"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1711"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a787"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015900"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18957"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"trust": 0.9,
"url": "http://www.sec-consult.com/184.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19583/"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/dnarmdac/html/msdn_remtdata.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/18680/"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/createtextrange.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/com/default.mspx"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/library/default.asp?url=/workshop/components/activex/activex_node_entry.asp"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/159621"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/216434"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/391803"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/740372"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/16373/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19269/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/918165"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19606/"
},
{
"trust": 0.8,
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19378/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/17181 "
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/680526"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/16480/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14594"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2005/aug/1014727.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/21895"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15891/ "
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2005/jun/1014329.html"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=17680"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14087"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/21193"
},
{
"trust": 0.8,
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33120"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1185"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2006/1318"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-101a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-101a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-1185"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/18957/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa06-101a.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/217"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/220"
},
{
"trust": 0.3,
"url": "http://www.mozilla.com/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/641460\u003e"
},
{
"trust": 0.1,
"url": "https://update.microsoft.com/microsoftupdate\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1189\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0003\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1185\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/984473\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/341028\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1388\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0012\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/#internet_ex"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/234812\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/434641\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/824324\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-101a.html\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1359\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1245\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/503124\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1186\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/876678\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/959049\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/15891/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#503124"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "VULHUB",
"id": "VHN-17293"
},
{
"db": "BID",
"id": "17450"
},
{
"db": "PACKETSTORM",
"id": "45345"
},
{
"db": "PACKETSTORM",
"id": "38386"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172"
},
{
"db": "NVD",
"id": "CVE-2006-1185"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#234812",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#876678",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#680526",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#984473",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#641460",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#341028",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#503124",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#434641",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#740372",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#939605",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-17293",
"ident": null
},
{
"db": "BID",
"id": "17450",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "45345",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "38386",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200604-144",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000172",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-1185",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#234812",
"ident": null
},
{
"date": "2006-03-23T00:00:00",
"db": "CERT/CC",
"id": "VU#876678",
"ident": null
},
{
"date": "2005-08-19T00:00:00",
"db": "CERT/CC",
"id": "VU#680526",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#984473",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#641460",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#341028",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#503124",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#434641",
"ident": null
},
{
"date": "2005-08-18T00:00:00",
"db": "CERT/CC",
"id": "VU#740372",
"ident": null
},
{
"date": "2005-07-02T00:00:00",
"db": "CERT/CC",
"id": "VU#939605",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-17293",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "BID",
"id": "17450",
"ident": null
},
{
"date": "2006-04-12T04:12:55",
"db": "PACKETSTORM",
"id": "45345",
"ident": null
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38386",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-144",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000172",
"ident": null
},
{
"date": "2006-04-11T23:02:00",
"db": "NVD",
"id": "CVE-2006-1185",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2006-11-02T00:00:00",
"db": "CERT/CC",
"id": "VU#234812",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#876678",
"ident": null
},
{
"date": "2007-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#680526",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#984473",
"ident": null
},
{
"date": "2006-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#641460",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#341028",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#503124",
"ident": null
},
{
"date": "2006-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#434641",
"ident": null
},
{
"date": "2005-10-13T00:00:00",
"db": "CERT/CC",
"id": "VU#740372",
"ident": null
},
{
"date": "2005-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#939605",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-17293",
"ident": null
},
{
"date": "2006-04-11T22:17:00",
"db": "BID",
"id": "17450",
"ident": null
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-144",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000172",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-1185",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "RDS.Dataspace ActiveX control bypasses ActiveX security model",
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-144"
}
],
"trust": 0.6
}
}
VAR-200604-0201
Vulnerability from variot - Updated: 2026-03-09 21:24Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. This is related to the handling of certain HTML tags. They could also use HTML email for the attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities
Original release date: April 11, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for April 2006.
I. (CVE-2006-0012)
II. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker may also be able to cause a denial of service.
III. Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the US-CERT Vulnerability Notes for workarounds. Many of these vulnerabilities can be mitigated by following the instructions listed in the Securing Your Web Browser document.
Appendix A. Please send email to cert@cert.org with "TA06-101A Feedback VU#876678" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
Apr 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRDwj9n0pj593lg50AQInJggAoOBNa20SU8JukBoK5elr5vWOLcAjycHt Cg0+064ncCpQXoWiYPrLGVzg4/MCTVUygbYl85cePp5cHSHqpfuYXoBuZwSKu36+ olQdkbU1ejViA8A0XPsQ3EgtIRlDZSgL1ncYlRM8QxK8CF7QV616ta8q6H/3EDMM i+tXy6gzQMqJeUthopzGcfpf6U5Qu9PCk/+Pj66GfFhHpARanLef2H28WFRazC+I R+vLGLFLV0gp1Iy7t267l1BhN1w1z+fXD0WwYkiTwb0mzeize8Amdqlb5c4Vn4wh HAF/XGiCe5qkMhM7kRLA70JsNfSkI38JPHWSo9/a04wFBKENCAwNpA== =w6IC -----END PGP SIGNATURE----- .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Internet Explorer "javaprxy.dll" Memory Corruption Vulnerability
SECUNIA ADVISORY ID: SA15891
VERIFY ADVISORY: http://secunia.com/advisories/15891/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/
DESCRIPTION: SEC Consult has reported a vulnerability in Microsoft Internet Explorer, which potentially can be exploited by malicious people to compromise a user's system. This can be exploited via a malicious web site to cause a memory corruption.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0.
SOLUTION: The vendor recommends setting Internet and Local intranet security zone settings to "High".
PROVIDED AND/OR DISCOVERED BY: sk0L and Martin Eiszner, SEC Consult.
ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/903144.mspx
SEC Consult: http://www.sec-consult.com/184.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Visit http://www.microsoft.com/windows/ie/default.mspx or http://en.wikipedia.org/wiki/Internet_Explorer for detailed information.
o Memory Corruption Vulnerability: #7d519030
Following HTML code forces IE 6 to crash:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
</h6 </ul
Online-demo: http://morph3us.org/security/pen-testing/msie/ie60-1135035582812-7d519030.html
These are the register values and the ASM dump at the time of the access violation:
eax=00000000 ebx=0012e88c ecx=00000000 edx=0012e7c0 esi=00000000 edi=00000004 eip=7d519030 esp=0012e780 ebp=0012e894
7d519012 55 push ebp 7d519013 8bec mov ebp,esp 7d519015 8b4104 mov eax,[ecx+0x4] 7d519018 394508 cmp [ebp+0x8],eax 7d51901b 7c09 jl mshtml+0x69026 (7d519026) 7d51901d 7edc jle mshtml+0x68ffb (7d518ffb) 7d51901f 33c0 xor eax,eax 7d519021 40 inc eax 7d519022 5d pop ebp 7d519023 c20800 ret 0x8 7d519026 83c8ff or eax,0xffffffff 7d519029 ebf7 jmp mshtml+0x69022 (7d519022) 7d51902b 90 nop 7d51902c 90 nop 7d51902d 90 nop 7d51902e 90 nop 7d51902f 90 nopFAULT ->7d519030 8b4108 mov eax,[ecx+0x8] ds:0023:00000008=???????? 7d519033 85c0 test eax,eax 7d519035 7425 jz mshtml+0x6905c (7d51905c) 7d519037 8b10 mov edx,[eax] 7d519039 f6c210 test dl,0x10 7d51903c 7408 jz mshtml+0x69046 (7d519046) 7d51903e f6c220 test dl,0x20 7d519041 7519 jnz mshtml+0x6905c (7d51905c) 7d519043 8b400c mov eax,[eax+0xc] 7d519046 8b4808 mov ecx,[eax+0x8] 7d519049 85c9 test ecx,ecx
o Memory Corruption Vulnerability: #7d529d35
Following HTML code forces IE 6 to crash:
Show details on source website<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
</code
</style </td </label </bdo </th </object
Online-demo: http://morph3us.org/security/pen-testing/msie/ie60-1135042070015-7d529d35.html
These are the register values and the ASM dump at the time of the access violation:
eax=00000000 ebx=0012e88c ecx=00000000 edx=00000012 esi=00e7dbb0 edi=00000002 eip=7d529d35 esp=0012e778 ebp=0012e778
7d529d0e e811170000 call mshtml+0x7b424 (7d52b424) 7d529d13 85c0 test eax,eax 7d529d15 0f85c5500800 jne mshtml!DllGetClassObject+0x10fa2 (7d5aede0) 7d529d1b 0fb65508 movzx edx,byte ptr [ebp+0x8] 7d529d1f 8d849680000000 lea eax,[esi+edx*4+0x80] 7d529d26 5e pop esi 7d529d27 5d pop ebp 7d529d28 c20c00 ret 0xc 7d529d2b 90 nop 7d529d2c 90 nop 7d529d2d 90 nop 7d529d2e 90 nop 7d529d2f 90 nop 7d529d30 8bff mov edi,edi 7d529d32 55 push ebp 7d529d33 8bec mov ebp,espFAULT ->7d529d35 0fbe4114 movsx eax,byte ptr [ecx+0x14] ds:0023:00000014=?? 7d529d39 c1e004 shl eax,0x4 7d529d3c 0578aa4b7d add eax,0x7d4baa78 7d529d41 7410 jz mshtml+0x79d53 (7d529d53) 7d529d43 8b400c mov eax,[eax+0xc] 7d529d46 234508 and eax,[ebp+0x8] 7d529d49 f7d8 neg eax 7d529d4b 1bc0 sbb eax,eax 7d529d4d f7d8 neg eax 7d529d4f 5d pop ebp 7d529d50 c20400 ret 0x4 7d529d53 33c0 xor eax,eax 7d529d55 ebf8 jmp mshtml+0x79d4f (7d529d4f)
o Vulnerable versions:
The DoS vulnerability was successfully tested on:
MS IE 6 SP2 - Win XP Pro SP2 MS IE 6 - Win 2k SP4
o Disclosure Timeline:
xx Feb 06 - Vulnerabilities discovered. 08 Mar 06 - Vendor contacted. 22 Mar 06 - Vendor confirmed vulnerabilities. 25 May 06 - Public release.
o Solution:
Install the latest security update (MS06-013) for Internet Explorer [2].
o Credits:
Thomas Waldegger bugtraq@morph3us.org BuHa-Security Community - http://buha.info/board/
If you have questions, suggestions or criticism about the advisory feel free to send me a mail. The address 'bugtraq@morph3us.org' is more a spam address than a regular mail address therefore it's possible that some mails get ignored. Please use the contact details at http://morph3us.org/ to contact me.
Greets fly out to cyrus-tc, destructor, nait, rhy, trappy and all members of BuHa
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": null,
"scope": null,
"trust": 7.2,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.1"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.2.3"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"_id": null,
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.5"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"_id": null,
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.1"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"_id": null,
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"_id": null,
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(itanium)"
},
{
"_id": null,
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"_id": null,
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"_id": null,
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"_id": null,
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"_id": null,
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#824324"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "BID",
"id": "17468"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
},
{
"db": "NVD",
"id": "CVE-2006-1188"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_xp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
}
]
},
"credits": {
"_id": null,
"data": "Thomas Waldegger\u203b bugtraq@morph3us.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1188",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-1188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-17296",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-1188",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#876678",
"trust": 0.8,
"value": "35.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#680526",
"trust": 0.8,
"value": "28.35"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#984473",
"trust": 0.8,
"value": "23.01"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#824324",
"trust": 0.8,
"value": "13.77"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#641460",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#341028",
"trust": 0.8,
"value": "32.40"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#434641",
"trust": 0.8,
"value": "25.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#740372",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#939605",
"trust": 0.8,
"value": "44.55"
},
{
"author": "NVD",
"id": "CVE-2006-1188",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-164",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-17296",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#824324"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "VULHUB",
"id": "VHN-17296"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
},
{
"db": "NVD",
"id": "CVE-2006-1188"
}
]
},
"description": {
"_id": null,
"data": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. This is related to the handling of certain HTML tags. They could also use HTML email for the attack. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-101A\n\n\nMicrosoft Windows and Internet Explorer Vulnerabilities\n\n Original release date: April 11, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Explorer\n\n For more complete information, refer to the Microsoft Security\n Bulletin Summary for April 2006. \n\n\nI. \n (CVE-2006-0012)\n\n\nII. If the user is logged on with\n administrative privileges, the attacker could take complete control of\n an affected system. An attacker may also be able to cause a denial of\n service. \n\n\nIII. Solution\n\nApply Updates\n\n Microsoft has provided updates for these vulnerabilities in the\n Security Bulletins and on the Microsoft Update site. \n\nWorkarounds\n\n Please see the US-CERT Vulnerability Notes for workarounds. Many of\n these vulnerabilities can be mitigated by following the instructions\n listed in the Securing Your Web Browser document. \n\nAppendix A. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-101A Feedback VU#876678\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n Apr 11, 2006: Initial release\n\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRDwj9n0pj593lg50AQInJggAoOBNa20SU8JukBoK5elr5vWOLcAjycHt\nCg0+064ncCpQXoWiYPrLGVzg4/MCTVUygbYl85cePp5cHSHqpfuYXoBuZwSKu36+\nolQdkbU1ejViA8A0XPsQ3EgtIRlDZSgL1ncYlRM8QxK8CF7QV616ta8q6H/3EDMM\ni+tXy6gzQMqJeUthopzGcfpf6U5Qu9PCk/+Pj66GfFhHpARanLef2H28WFRazC+I\nR+vLGLFLV0gp1Iy7t267l1BhN1w1z+fXD0WwYkiTwb0mzeize8Amdqlb5c4Vn4wh\nHAF/XGiCe5qkMhM7kRLA70JsNfSkI38JPHWSo9/a04wFBKENCAwNpA==\n=w6IC\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nInternet Explorer \"javaprxy.dll\" Memory Corruption Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15891\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15891/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMicrosoft Internet Explorer 6.x\nhttp://secunia.com/product/11/\nMicrosoft Internet Explorer 5.5\nhttp://secunia.com/product/10/\nMicrosoft Internet Explorer 5.01\nhttp://secunia.com/product/9/\n\nDESCRIPTION:\nSEC Consult has reported a vulnerability in Microsoft Internet\nExplorer, which potentially can be exploited by malicious people to\ncompromise a user\u0027s system. \nThis can be exploited via a malicious web site to cause a memory\ncorruption. \n\nThe vulnerability has been reported in versions 5.01, 5.5, and 6.0. \n\nSOLUTION:\nThe vendor recommends setting Internet and Local intranet security\nzone settings to \"High\". \n\nPROVIDED AND/OR DISCOVERED BY:\nsk0L and Martin Eiszner, SEC Consult. \n\nORIGINAL ADVISORY:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/903144.mspx\n\nSEC Consult:\nhttp://www.sec-consult.com/184.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nVisit http://www.microsoft.com/windows/ie/default.mspx or\nhttp://en.wikipedia.org/wiki/Internet_Explorer for detailed information. \n\no Memory Corruption Vulnerability: \u003cmshtml.dll\u003e#7d519030\n=================================\n\nFollowing HTML code forces IE 6 to crash:\n\u003e \u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\u003e \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"\u003e\n\u003e \u003chtml\u003e \u003cfieldset\u003e \u003ch4\u003e\n\u003e \u003cpre\u003e\u003ctd\u003e\n\u003e \u003cmenu\u003e\n\u003e \u003clegend\u003e\n\u003e \u003ca\u003e\n\u003e \u003cul\u003e\n\u003e \u003csmall\u003e\n\u003e \u003cfieldset\u003e\n\u003e \u003ch6\u003e\n\u003e \u003c/h6\n\u003e \u003c/u\u003e\n\u003e \u003c/optgroup\u003e\n\u003e \u003c/tr\u003e\n\u003e \u003c/map\u003e\n\u003e \u003c/ul\n\u003e \u003c/dfn\u003e\n\u003e\n\u003e \u003c/del\u003e\n\u003e \u003c/h2\u003e\n\u003e \u003c/dir\u003e\n\u003e \u003c/ul\u003e\n\nOnline-demo:\nhttp://morph3us.org/security/pen-testing/msie/ie60-1135035582812-7d519030.html\n\nThese are the register values and the ASM dump at the time of the access\nviolation:\n\u003e eax=00000000 ebx=0012e88c ecx=00000000 edx=0012e7c0 esi=00000000\n\u003e edi=00000004 eip=7d519030 esp=0012e780 ebp=0012e894\n\u003e\n\u003e 7d519012 55 push ebp\n\u003e 7d519013 8bec mov ebp,esp\n\u003e 7d519015 8b4104 mov eax,[ecx+0x4]\n\u003e 7d519018 394508 cmp [ebp+0x8],eax\n\u003e 7d51901b 7c09 jl mshtml+0x69026 (7d519026)\n\u003e 7d51901d 7edc jle mshtml+0x68ffb (7d518ffb)\n\u003e 7d51901f 33c0 xor eax,eax\n\u003e 7d519021 40 inc eax\n\u003e 7d519022 5d pop ebp\n\u003e 7d519023 c20800 ret 0x8\n\u003e 7d519026 83c8ff or eax,0xffffffff\n\u003e 7d519029 ebf7 jmp mshtml+0x69022 (7d519022)\n\u003e 7d51902b 90 nop\n\u003e 7d51902c 90 nop\n\u003e 7d51902d 90 nop\n\u003e 7d51902e 90 nop\n\u003e 7d51902f 90 nop\n\u003e FAULT -\u003e7d519030 8b4108 mov eax,[ecx+0x8]\n\u003e ds:0023:00000008=????????\n\u003e 7d519033 85c0 test eax,eax\n\u003e 7d519035 7425 jz mshtml+0x6905c (7d51905c)\n\u003e 7d519037 8b10 mov edx,[eax]\n\u003e 7d519039 f6c210 test dl,0x10\n\u003e 7d51903c 7408 jz mshtml+0x69046 (7d519046)\n\u003e 7d51903e f6c220 test dl,0x20\n\u003e 7d519041 7519 jnz mshtml+0x6905c (7d51905c)\n\u003e 7d519043 8b400c mov eax,[eax+0xc]\n\u003e 7d519046 8b4808 mov ecx,[eax+0x8]\n\u003e 7d519049 85c9 test ecx,ecx\n\no Memory Corruption Vulnerability: \u003cmshtml.dll\u003e#7d529d35\n=================================\n\nFollowing HTML code forces IE 6 to crash:\n\u003e \u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n\u003e \"http://www.w3.org/TR/html4/loose.dtd\"\u003e\n\u003e \u003cbdo\u003e\n\u003e \u003c/span\u003e\n\u003e \u003cpre\u003e\n\u003e\n\u003e \u003cparam\u003e\n\u003e \u003cform\u003e\n\u003e \u003ccolgroup\u003e\n\u003e \u003csmall\u003e\n\u003e \u003c/small\u003e\n\u003e \u003c/colgroup\u003e\n\u003e \u003c/map\u003e\n\u003e \u003c/button\u003e\n\u003e \u003c/code\n\u003e\n\u003e \u003cblockquote\u003e\n\u003e \u003cth\u003e\n\u003e \u003csmall\u003e\n\u003e\n\u003e \u003c/tbody\u003e\n\u003e \u003c/tr\u003e\n\u003e \u003c/ol\u003e\n\u003e \u003c/tbody\u003e\n\u003e \u003c/ol\u003e\n\u003e \u003c/code\u003e\n\u003e \u003c/strong\u003e\n\u003e\n\u003e\n\u003e \u003chead\u003e\n\u003e \u003cfieldset\u003e\n\u003e \u003cstyle\u003e\n\u003e\n\u003e \u003c/style\n\u003e \u003c/dir\u003e\n\u003e \u003c/a\u003e\n\u003e \u003c/td\n\u003e \u003c/li\u003e\n\u003e \u003c/label\n\u003e \u003c/object\u003e\n\u003e \u003c/bdo\n\u003e \u003c/th\n\u003e \u003c/object\n\u003e \u003c/q\u003e\n\u003e\n\u003e \u003col\u003e\n\u003e \u003cobject\u003e\n\nOnline-demo:\nhttp://morph3us.org/security/pen-testing/msie/ie60-1135042070015-7d529d35.html\n\nThese are the register values and the ASM dump at the time of the access\nviolation:\n\u003e eax=00000000 ebx=0012e88c ecx=00000000 edx=00000012 esi=00e7dbb0\n\u003e edi=00000002 eip=7d529d35 esp=0012e778 ebp=0012e778\n\u003e\n\u003e 7d529d0e e811170000 call mshtml+0x7b424 (7d52b424)\n\u003e 7d529d13 85c0 test eax,eax\n\u003e 7d529d15 0f85c5500800 jne mshtml!DllGetClassObject+0x10fa2\n\u003e (7d5aede0)\n\u003e 7d529d1b 0fb65508 movzx edx,byte ptr [ebp+0x8]\n\u003e 7d529d1f 8d849680000000 lea eax,[esi+edx*4+0x80]\n\u003e 7d529d26 5e pop esi\n\u003e 7d529d27 5d pop ebp\n\u003e 7d529d28 c20c00 ret 0xc\n\u003e 7d529d2b 90 nop\n\u003e 7d529d2c 90 nop\n\u003e 7d529d2d 90 nop\n\u003e 7d529d2e 90 nop\n\u003e 7d529d2f 90 nop\n\u003e 7d529d30 8bff mov edi,edi\n\u003e 7d529d32 55 push ebp\n\u003e 7d529d33 8bec mov ebp,esp\n\u003e FAULT -\u003e7d529d35 0fbe4114 movsx eax,byte ptr [ecx+0x14]\n\u003e ds:0023:00000014=??\n\u003e 7d529d39 c1e004 shl eax,0x4\n\u003e 7d529d3c 0578aa4b7d add eax,0x7d4baa78\n\u003e 7d529d41 7410 jz mshtml+0x79d53 (7d529d53)\n\u003e 7d529d43 8b400c mov eax,[eax+0xc]\n\u003e 7d529d46 234508 and eax,[ebp+0x8]\n\u003e 7d529d49 f7d8 neg eax\n\u003e 7d529d4b 1bc0 sbb eax,eax\n\u003e 7d529d4d f7d8 neg eax\n\u003e 7d529d4f 5d pop ebp\n\u003e 7d529d50 c20400 ret 0x4\n\u003e 7d529d53 33c0 xor eax,eax\n\u003e 7d529d55 ebf8 jmp mshtml+0x79d4f (7d529d4f)\n\no Vulnerable versions:\n=====================\n\nThe DoS vulnerability was successfully tested on:\n\u003e MS IE 6 SP2 - Win XP Pro SP2\n\u003e MS IE 6 - Win 2k SP4\n\no Disclosure Timeline:\n=====================\n\nxx Feb 06 - Vulnerabilities discovered. \n08 Mar 06 - Vendor contacted. \n22 Mar 06 - Vendor confirmed vulnerabilities. \n25 May 06 - Public release. \n\no Solution:\n==========\n\nInstall the latest security update (MS06-013) for Internet Explorer [2]. \n\no Credits:\n=========\n\nThomas Waldegger \u003cbugtraq@morph3us.org\u003e\nBuHa-Security Community - http://buha.info/board/\n\nIf you have questions, suggestions or criticism about the advisory feel\nfree to send me a mail. The address \u0027bugtraq@morph3us.org\u0027 is more a\nspam address than a regular mail address therefore it\u0027s possible that\nsome mails get ignored. Please use the contact details at\nhttp://morph3us.org/ to contact me. \n\nGreets fly out to cyrus-tc, destructor, nait, rhy, trappy and all\nmembers of BuHa",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1188"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#824324"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "BID",
"id": "17468"
},
{
"db": "VULHUB",
"id": "VHN-17296"
},
{
"db": "PACKETSTORM",
"id": "45345"
},
{
"db": "PACKETSTORM",
"id": "38386"
},
{
"db": "PACKETSTORM",
"id": "46765"
}
],
"trust": 9.45
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-17296",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17296"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#824324",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2006-1188",
"trust": 3.0
},
{
"db": "USCERT",
"id": "TA06-101A",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "18957",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#959049",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1318",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015900",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#740372",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#939605",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#680526",
"trust": 1.6
},
{
"db": "BID",
"id": "17468",
"trust": 1.2
},
{
"db": "CERT/CC",
"id": "VU#234812",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#876678",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#984473",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#641460",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#341028",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#434641",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15891",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "19583",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "18680",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "16373",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "19269",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "19606",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "19378",
"trust": 0.8
},
{
"db": "BID",
"id": "17181",
"trust": 0.8
},
{
"db": "BID",
"id": "14594",
"trust": 0.8
},
{
"db": "XF",
"id": "21895",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014727",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "16480",
"trust": 0.8
},
{
"db": "XF",
"id": "21193",
"trust": 0.8
},
{
"db": "BID",
"id": "14087",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "17680",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014329",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA06-101A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200604-164",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "1838",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-17296",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#503124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45345",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38386",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46765",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#824324"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "VULHUB",
"id": "VHN-17296"
},
{
"db": "BID",
"id": "17468"
},
{
"db": "PACKETSTORM",
"id": "45345"
},
{
"db": "PACKETSTORM",
"id": "38386"
},
{
"db": "PACKETSTORM",
"id": "46765"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
},
{
"db": "NVD",
"id": "CVE-2006-1188"
}
]
},
"id": "VAR-200604-0201",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17296"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:24:38.153000Z",
"patch": {
"_id": null,
"data": [
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx"
},
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS06-013.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1188"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-101a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/824324"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/435096/30/4710/threaded"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1144"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1290"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1296"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1773"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015900"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18957"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"trust": 0.9,
"url": "http://www.sec-consult.com/184.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19583/"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/dnarmdac/html/msdn_remtdata.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/917077.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/18680/"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/createtextrange.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/com/default.mspx"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/library/default.asp?url=/workshop/components/activex/activex_node_entry.asp"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/159621"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/216434"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/391803"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/740372"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/16373/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19269/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/918165"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19606/"
},
{
"trust": 0.8,
"url": "http://jeffrey.vanderstad.net/grasshopper/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/19378/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/17181 "
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/680526"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/16480/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14594"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2005/aug/1014727.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/21895"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15891/ "
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2005/jun/1014329.html"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=17680"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14087"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/21193"
},
{
"trust": 0.8,
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33120"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2006/1318"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-101a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-101a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-1188"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/18957/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/17468"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa06-101a.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/220"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/217"
},
{
"trust": 0.3,
"url": "http://www.mozilla.com/"
},
{
"trust": 0.3,
"url": "/archive/1/435096"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/641460\u003e"
},
{
"trust": 0.1,
"url": "https://update.microsoft.com/microsoftupdate\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1189\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0003\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1185\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/984473\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/341028\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1388\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0012\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/#internet_ex"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/234812\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/434641\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/824324\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-101a.html\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1359\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1245\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/503124\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1186\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/876678\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/959049\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/15891/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://morph3us.org/security/pen-testing/msie/ie60-1135035582812-7d519030.html"
},
{
"trust": 0.1,
"url": "http://en.wikipedia.org/wiki/internet_explorer"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/windows/ie/default.mspx"
},
{
"trust": 0.1,
"url": "http://morph3us.org/advisories/20060525-msie6-sp2-2.txt"
},
{
"trust": 0.1,
"url": "http://www.w3.org/tr/html4/loose.dtd\"\u003e"
},
{
"trust": 0.1,
"url": "http://buha.info/board/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/windows/ie/"
},
{
"trust": 0.1,
"url": "http://morph3us.org/"
},
{
"trust": 0.1,
"url": "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd\"\u003e"
},
{
"trust": 0.1,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188"
},
{
"trust": 0.1,
"url": "http://morph3us.org/security/pen-testing/msie/ie60-1135042070015-7d529d35.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
},
{
"db": "CERT/CC",
"id": "VU#876678"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#984473"
},
{
"db": "CERT/CC",
"id": "VU#824324"
},
{
"db": "CERT/CC",
"id": "VU#641460"
},
{
"db": "CERT/CC",
"id": "VU#341028"
},
{
"db": "CERT/CC",
"id": "VU#434641"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "VULHUB",
"id": "VHN-17296"
},
{
"db": "BID",
"id": "17468"
},
{
"db": "PACKETSTORM",
"id": "45345"
},
{
"db": "PACKETSTORM",
"id": "38386"
},
{
"db": "PACKETSTORM",
"id": "46765"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174"
},
{
"db": "NVD",
"id": "CVE-2006-1188"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#234812",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#876678",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#680526",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#984473",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#824324",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#641460",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#341028",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#434641",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#740372",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#939605",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-17296",
"ident": null
},
{
"db": "BID",
"id": "17468",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "45345",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "38386",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "46765",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200604-164",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000174",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-1188",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#234812",
"ident": null
},
{
"date": "2006-03-23T00:00:00",
"db": "CERT/CC",
"id": "VU#876678",
"ident": null
},
{
"date": "2005-08-19T00:00:00",
"db": "CERT/CC",
"id": "VU#680526",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#984473",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#824324",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#641460",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#341028",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#434641",
"ident": null
},
{
"date": "2005-08-18T00:00:00",
"db": "CERT/CC",
"id": "VU#740372",
"ident": null
},
{
"date": "2005-07-02T00:00:00",
"db": "CERT/CC",
"id": "VU#939605",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-17296",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "BID",
"id": "17468",
"ident": null
},
{
"date": "2006-04-12T04:12:55",
"db": "PACKETSTORM",
"id": "45345",
"ident": null
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38386",
"ident": null
},
{
"date": "2006-05-29T07:36:29",
"db": "PACKETSTORM",
"id": "46765",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-164",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000174",
"ident": null
},
{
"date": "2006-04-11T23:02:00",
"db": "NVD",
"id": "CVE-2006-1188",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2006-11-02T00:00:00",
"db": "CERT/CC",
"id": "VU#234812",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#876678",
"ident": null
},
{
"date": "2007-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#680526",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#984473",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#824324",
"ident": null
},
{
"date": "2006-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#641460",
"ident": null
},
{
"date": "2006-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#341028",
"ident": null
},
{
"date": "2006-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#434641",
"ident": null
},
{
"date": "2005-10-13T00:00:00",
"db": "CERT/CC",
"id": "VU#740372",
"ident": null
},
{
"date": "2005-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#939605",
"ident": null
},
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-17296",
"ident": null
},
{
"date": "2006-05-26T19:48:00",
"db": "BID",
"id": "17468",
"ident": null
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-164",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000174",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-1188",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "RDS.Dataspace ActiveX control bypasses ActiveX security model",
"sources": [
{
"db": "CERT/CC",
"id": "VU#234812"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-164"
}
],
"trust": 0.6
}
}
VAR-202510-4302
Vulnerability from variot - Updated: 2025-11-20 23:21The Canon MF745C/746C is a color laser multifunction printer that supports printing, copying, scanning, and faxing.
Canon (China) Co., Ltd.'s Canon MF745C/746C printers contain a weak password vulnerability that attackers could exploit to obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-4302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf745c/746c",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-27963",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-27963",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Canon MF745C/746C is a color laser multifunction printer that supports printing, copying, scanning, and faxing.\n\nCanon (China) Co., Ltd.\u0027s Canon MF745C/746C printers contain a weak password vulnerability that attackers could exploit to obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-27963",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"id": "VAR-202510-4302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"last_update_date": "2025-11-20T23:21:50.564000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-27963"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon (China) Co., Ltd.\u0027s Canon MF745C/746C has a weak password vulnerability.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-27963"
}
],
"trust": 0.6
}
}
VAR-202509-4508
Vulnerability from variot - Updated: 2025-11-19 23:24The Canon MF220 Series is a 4-in-1 multifunction laser printer.
Canon (China) Co., Ltd.'s Canon MF220 Series printer has a weak password vulnerability that attackers could exploit to obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202509-4508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf220 series",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-26032",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-26032",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Canon MF220 Series is a 4-in-1 multifunction laser printer.\n\nCanon (China) Co., Ltd.\u0027s Canon MF220 Series printer has a weak password vulnerability that attackers could exploit to obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-26032",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"id": "VAR-202509-4508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"last_update_date": "2025-11-19T23:24:56.565000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-26032"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Canon MF220 Series from Canon (China) Co., Ltd. has a weak password vulnerability.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-26032"
}
],
"trust": 0.6
}
}
VAR-202506-2995
Vulnerability from variot - Updated: 2025-06-27 23:14Canon iR-ADV C5535 is a high-performance color digital multifunction machine with multiple functions such as copying, printing, scanning and faxing.
Canon iR-ADV C5535 of Canon (China) Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the system and obtain sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-2995",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ir-adv c5535",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-13154",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-13154",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon iR-ADV C5535 is a high-performance color digital multifunction machine with multiple functions such as copying, printing, scanning and faxing.\n\nCanon iR-ADV C5535 of Canon (China) Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the system and obtain sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13154",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"id": "VAR-202506-2995",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"last_update_date": "2025-06-27T23:14:18.054000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13154"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon (China) Co., Ltd. Canon iR-ADV C5535 has a weak password vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13154"
}
],
"trust": 0.6
}
}
VAR-201509-0494
Vulnerability from variot - Updated: 2025-04-13 23:29Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. PIXMA MG7500 Series provided by Canon Inc. contain a cross-site request forgery vulnerability. TOMITA Ryo of Fukuoka Junior High School attached to the Fukuoka University of Education (FUE) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the Remote UI, unintended operations may be performed. The Canon PIXMA MG7500 is an inkjet MFP from Canon. The Remote UI is one of the remote user interfaces. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected device. This may aid in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0494",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pixma mg7500 series inkjet printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "pixma mg7500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "canon",
"version": "inkjet printer"
},
{
"model": "pixma mg7500 printers",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "inkjet printer pixma mg7500 series",
"scope": "eq",
"trust": 0.3,
"vendor": "canon",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "BID",
"id": "76711"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:canon:pixma_mg7500_series_inkjet_printer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOMITA Ryo",
"sources": [
{
"db": "BID",
"id": "76711"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-5631",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-000129",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2015-06019",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83592",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5631",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000129",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06019",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-143",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83592",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "VULHUB",
"id": "VHN-83592"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. PIXMA MG7500 Series provided by Canon Inc. contain a cross-site request forgery vulnerability. TOMITA Ryo of Fukuoka Junior High School attached to the Fukuoka University of Education (FUE) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the Remote UI, unintended operations may be performed. The Canon PIXMA MG7500 is an inkjet MFP from Canon. The Remote UI is one of the remote user interfaces. \nAn attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected device. This may aid in other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5631"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "BID",
"id": "76711"
},
{
"db": "VULHUB",
"id": "VHN-83592"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5631",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN07427376",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06019",
"trust": 0.6
},
{
"db": "BID",
"id": "76711",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-83592",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "VULHUB",
"id": "VHN-83592"
},
{
"db": "BID",
"id": "76711"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"id": "VAR-201509-0494",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "VULHUB",
"id": "VHN-83592"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
}
]
},
"last_update_date": "2025-04-13T23:29:32.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Useful Tips for Reducing the Risk of Unauthorized Access for Inkjet Printer (PIXMA series)/Business Inkjet Printer (MAXIFY series)",
"trust": 0.8,
"url": "http://www.canon.com/support/pdf/inkjet-printer.pdf"
},
{
"title": "Canon PIXMA MG7500 Printer Cross-Site Request Forgery Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63986"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83592"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn07427376/index.html"
},
{
"trust": 1.7,
"url": "http://www.canon.com/support/pdf/inkjet-printer.pdf"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000129"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5631"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5631"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000129.html"
},
{
"trust": 0.3,
"url": "http://www.canon.com/"
},
{
"trust": 0.3,
"url": " http://jvn.jp/en/jp/jvn07427376/index.html jvn#07427376 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "VULHUB",
"id": "VHN-83592"
},
{
"db": "BID",
"id": "76711"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "VULHUB",
"id": "VHN-83592"
},
{
"db": "BID",
"id": "76711"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-83592"
},
{
"date": "2015-09-11T00:00:00",
"db": "BID",
"id": "76711"
},
{
"date": "2015-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"date": "2015-09-11T16:59:04.907000",
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"date": "2015-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-83592"
},
{
"date": "2015-09-11T00:00:00",
"db": "BID",
"id": "76711"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000129"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-143"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5631"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon PIXMA MG7500 Printer Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06019"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-143"
}
],
"trust": 0.6
}
}
VAR-201504-0248
Vulnerability from variot - Updated: 2025-04-13 23:18The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "diskstation manager",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "3.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avahi mdns",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "diskstation manager",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.1"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "3.0"
},
{
"model": "color laserjet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "47000"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.26"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.25"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.24"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.23"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.20"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.16"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.15"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.13"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.11"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.10"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.9"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.8"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.7"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.5.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:diskstation_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chad Seaman",
"sources": [
{
"db": "BID",
"id": "73683"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2809",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-80770",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2809",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2809",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-655",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80770",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80770"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2809"
},
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "VULHUB",
"id": "VHN-80770"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#550620",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2015-2809",
"trust": 2.8
},
{
"db": "BID",
"id": "73683",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98589419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-80770",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "VULHUB",
"id": "VHN-80770"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"id": "VAR-201504-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80770"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:10.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DiskStation Manager 5.1",
"trust": 0.8,
"url": "https://www.synology.com/en-global/dsm/"
},
{
"title": "DSM_RS3411xs_1760",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54792"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80770"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/550620"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/bluu-9tlshd"
},
{
"trust": 1.6,
"url": "https://github.com/chadillac/mdns_recon"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73683"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc6762.txt"
},
{
"trust": 0.8,
"url": "https://www.usa.canon.com/cusa/support/consumer?pagekeycode=prdadvdetail\u0026docid=0901e02480ea9d5d"
},
{
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2809"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98589419/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2809"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc6762#section-5.5"
},
{
"trust": 0.8,
"url": "http://lists.freedesktop.org/archives/avahi/2010-november/001952.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "VULHUB",
"id": "VHN-80770"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "VULHUB",
"id": "VHN-80770"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#550620"
},
{
"date": "2015-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-80770"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73683"
},
{
"date": "2015-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"date": "2015-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"date": "2015-04-01T02:00:35.970000",
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#550620"
},
{
"date": "2016-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-80770"
},
{
"date": "2015-05-15T00:14:00",
"db": "BID",
"id": "73683"
},
{
"date": "2015-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002046"
},
{
"date": "2015-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-655"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link",
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-655"
}
],
"trust": 0.6
}
}
VAR-201504-0377
Vulnerability from variot - Updated: 2025-04-13 23:18The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a set of products used in user authentication, authorization and Web single sign-on solutions of IBM Corporation in the United States. It provides user access management and Web application protection function. The following versions are affected: ISAM for Web 7.0 with firmware 7.0.0.11 and earlier, and ISAM for Web 8.0 with firmware 8.0.0.1 through 8.0.0.5 and 8.0.1.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "security access manager for web 8.0",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "security access manager for web 8.0",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "security access manager for web 8.0",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "security access manager for web 8.0",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "security access manager for web 8.0",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "security access manager for web 8.0",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "security access manager for web 7.0",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.0.0.11"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avahi mdns",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "security access manager for web software",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0.0 fp12"
},
{
"model": "security access manager for web software",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "8.x"
},
{
"model": "security access manager for web software",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "7.x"
},
{
"model": "security access manager for web software",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.0.1 fp1"
},
{
"model": "security access manager for web 7.0",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7.0.0.11"
},
{
"model": "color laserjet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "47000"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.26"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.25"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.24"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.23"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.20"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.16"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.15"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.13"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.11"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.10"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.9"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.8"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.6.7"
},
{
"model": "avahi",
"scope": "eq",
"trust": 0.3,
"vendor": "avahi",
"version": "0.5.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ibm:security_access_manager_for_web_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chad Seaman",
"sources": [
{
"db": "BID",
"id": "73683"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1892",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1892",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-79853",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1892",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1892",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-653",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79853",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79853"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a set of products used in user authentication, authorization and Web single sign-on solutions of IBM Corporation in the United States. It provides user access management and Web application protection function. The following versions are affected: ISAM for Web 7.0 with firmware 7.0.0.11 and earlier, and ISAM for Web 8.0 with firmware 8.0.0.1 through 8.0.0.5 and 8.0.1.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1892"
},
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "VULHUB",
"id": "VHN-79853"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#550620",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2015-1892",
"trust": 2.8
},
{
"db": "BID",
"id": "73683",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98589419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-653",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-79853",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "VULHUB",
"id": "VHN-79853"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"id": "VAR-201504-0377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79853"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:10.703000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "1699497",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79853"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699497"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/550620"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv70911"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv70913"
},
{
"trust": 1.6,
"url": "https://github.com/chadillac/mdns_recon"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73683"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc6762.txt"
},
{
"trust": 0.8,
"url": "https://www.usa.canon.com/cusa/support/consumer?pagekeycode=prdadvdetail\u0026docid=0901e02480ea9d5d"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1892"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98589419/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1892"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc6762#section-5.5"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "VULHUB",
"id": "VHN-79853"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#550620"
},
{
"db": "VULHUB",
"id": "VHN-79853"
},
{
"db": "BID",
"id": "73683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#550620"
},
{
"date": "2015-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-79853"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73683"
},
{
"date": "2015-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"date": "2015-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"date": "2015-04-01T02:00:32.220000",
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#550620"
},
{
"date": "2016-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79853"
},
{
"date": "2015-05-15T00:14:00",
"db": "BID",
"id": "73683"
},
{
"date": "2015-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002048"
},
{
"date": "2015-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-653"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-1892"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link",
"sources": [
{
"db": "CERT/CC",
"id": "VU#550620"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-653"
}
],
"trust": 0.6
}
}
VAR-201306-0344
Vulnerability from variot - Updated: 2025-04-11 22:48The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment.". Canon Printer is a printer developed by Canon. Many models of Canon Printer do not correctly handle user-submitted requests, allowing remote attackers to submit special HTTP requests, causing the printer to stop responding and need to be restarted for normal functionality. An attacker can exploit this issue to cause an affected device to stop responding and require a reboot, denying service to legitimate users. Vulnerabilities exist in the following models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, MX922. The below 3 issues have been tested and verified working on the following Canon Printer models (May affect more, but this is all I was able to test against): MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920
1 (CVE-2013-4613): Canon printers do not require a password for the
administrative interfaces by default. Unauthorized users on the network may configure the printer. If the printer is exposed to the public internet, anonymous users may make configuration changes as well. This should be corrected by requiring a password, even if only a default, but should recommend users to change it upon initial setup of the device.
2 (CVE-2013-4614): The administrative interface on these printers allow a
user to enter a WEP/WPA/WPA2 pre-shared key. Once a key is entered, when a user browses the configuration page again, they can view the current password in clear-text. Once a password is configured, it should not allow the user to read it again. If the user wants to change the password, they should be required to enter a new one, which then overwrites the old one.
3 (CVE-2013-4615): There is a denial of service condition in the
administrative interface on the devices. Using specially crafted HTTP requests, it is possible to cause the device to no longer respond. This requires the device to be turned off, and then back on again, to which the printer will display a message about not being properly turned off, on the display (if model has a display).
I have disclosed all 3 of these issues to Canon, and unfortunately they do not feel it is necessary to fix them (In all fairness, they're not super high severity). More details, along with PoC and Metasploit modules are available here: * http://www.mattandreko.com/2013/06/canon-y-u-no-security.html*
Timeline: May 27, 2013: Initial Email to vendor's support May 28, 2013: Vendor support emailed for additional details May 28, 2013: Sent a proof-of-concept exploit for the DoS vulnerability to vendor May 30, 2013: Vendor escalated issue internally June 4, 2013: Vendor notification that issue has been escalated to manufacturer June 14, 2013: Vendor notification that they will not fix issues June 18, 2013: Public Disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0344",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mg3100 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx870 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mp495 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg6100 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx922 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mp340 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx890 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx920 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg5300 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "pixma mp495",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx340",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx920",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx922",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg3130",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg5330",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg6130",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mx870",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mx893",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "printer mg3100",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mg5300",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mg6100",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mp495",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx340",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx870",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx890",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx920",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:canon:mp495_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mp340_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx920_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx922_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg3100_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg5300_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg6100_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx870_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx890_printer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Andreko",
"sources": [
{
"db": "BID",
"id": "60598"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
}
],
"trust": 1.0
},
"cve": "CVE-2013-4615",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4615",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07718",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-64617",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4615",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-4615",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-07718",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-390",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64617",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "VULHUB",
"id": "VHN-64617"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating \"Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment.\". Canon Printer is a printer developed by Canon. Many models of Canon Printer do not correctly handle user-submitted requests, allowing remote attackers to submit special HTTP requests, causing the printer to stop responding and need to be restarted for normal functionality. \nAn attacker can exploit this issue to cause an affected device to stop responding and require a reboot, denying service to legitimate users. Vulnerabilities exist in the following models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, MX922. The below 3 issues have been tested and verified working on the following\nCanon Printer models (May affect more, but this is all I was able to test\nagainst):\nMG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920\n\n#1 (CVE-2013-4613): Canon printers do not require a password for the\nadministrative interfaces by default. Unauthorized users on the network may\nconfigure the printer. If the printer is exposed to the public internet,\nanonymous users may make configuration changes as well. This should be\ncorrected by requiring a password, even if only a default, but should\nrecommend users to change it upon initial setup of the device. \n\n#2 (CVE-2013-4614): The administrative interface on these printers allow a\nuser to enter a WEP/WPA/WPA2 pre-shared key. Once a key is entered, when a\nuser browses the configuration page again, they can view the current\npassword in clear-text. Once a password is configured, it should not allow\nthe user to read it again. If the user wants to change the password, they\nshould be required to enter a new one, which then overwrites the old one. \n\n#3 (CVE-2013-4615): There is a denial of service condition in the\nadministrative interface on the devices. Using specially crafted HTTP\nrequests, it is possible to cause the device to no longer respond. This\nrequires the device to be turned off, and then back on again, to which the\nprinter will display a message about not being properly turned off, on the\ndisplay (if model has a display). \n\nI have disclosed all 3 of these issues to Canon, and unfortunately they do\nnot feel it is necessary to fix them (In all fairness, they\u0027re not super\nhigh severity). More details, along with PoC and Metasploit modules are\navailable here: *\nhttp://www.mattandreko.com/2013/06/canon-y-u-no-security.html*\n\nTimeline:\nMay 27, 2013: Initial Email to vendor\u0027s support\nMay 28, 2013: Vendor support emailed for additional details\nMay 28, 2013: Sent a proof-of-concept exploit for the DoS vulnerability to\nvendor\nMay 30, 2013: Vendor escalated issue internally\nJune 4, 2013: Vendor notification that issue has been escalated to\nmanufacturer\nJune 14, 2013: Vendor notification that they will not fix issues\nJune 18, 2013: Public Disclosure\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4615"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "BID",
"id": "60598"
},
{
"db": "VULHUB",
"id": "VHN-64617"
},
{
"db": "PACKETSTORM",
"id": "122073"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4615",
"trust": 3.5
},
{
"db": "BID",
"id": "60598",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-07718",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20130618 CANON WIRELESS PRINTER DISCLOSURE \u0026 DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64617",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122073",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "VULHUB",
"id": "VHN-64617"
},
{
"db": "BID",
"id": "60598"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"id": "VAR-201306-0344",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "VULHUB",
"id": "VHN-64617"
}
],
"trust": 1.4083333625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
}
]
},
"last_update_date": "2025-04-11T22:48:46.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PIXUS \u5546\u54c1\u4e00\u89a7",
"trust": 0.8,
"url": "http://cweb.canon.jp/pixus/lineup/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64617"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"trust": 2.5,
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4615"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4615"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2013/jun/145"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60598"
},
{
"trust": 0.3,
"url": "http://www.canon.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4615"
},
{
"trust": 0.1,
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html*"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4613"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "VULHUB",
"id": "VHN-64617"
},
{
"db": "BID",
"id": "60598"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"db": "VULHUB",
"id": "VHN-64617"
},
{
"db": "BID",
"id": "60598"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"date": "2013-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64617"
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60598"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"date": "2013-06-18T14:23:23",
"db": "PACKETSTORM",
"id": "122073"
},
{
"date": "2013-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"date": "2013-06-21T21:55:01.057000",
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07718"
},
{
"date": "2013-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-64617"
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60598"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003113"
},
{
"date": "2013-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-390"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4615"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Canon Service disruption in printers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003113"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-390"
}
],
"trust": 0.6
}
}
VAR-201306-0342
Vulnerability from variot - Updated: 2025-04-11 22:48The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password.". Canon Printer is a printer developed by Canon. If the printer is connected to a public Internet network, anonymous users are allowed to modify the configuration. Exploiting this issue can allow a remote attacker to gain access and perform unauthorized configuration changes on the affected device. This may aid in further attacks. Vulnerabilities exist in the following models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, MX922. This should be corrected by requiring a password, even if only a default, but should recommend users to change it upon initial setup of the device.
2 (CVE-2013-4614): The administrative interface on these printers allow a
user to enter a WEP/WPA/WPA2 pre-shared key. Once a key is entered, when a user browses the configuration page again, they can view the current password in clear-text. Once a password is configured, it should not allow the user to read it again. If the user wants to change the password, they should be required to enter a new one, which then overwrites the old one.
3 (CVE-2013-4615): There is a denial of service condition in the
administrative interface on the devices. Using specially crafted HTTP requests, it is possible to cause the device to no longer respond. This requires the device to be turned off, and then back on again, to which the printer will display a message about not being properly turned off, on the display (if model has a display).
I have disclosed all 3 of these issues to Canon, and unfortunately they do not feel it is necessary to fix them (In all fairness, they're not super high severity). More details, along with PoC and Metasploit modules are available here: * http://www.mattandreko.com/2013/06/canon-y-u-no-security.html*
Timeline: May 27, 2013: Initial Email to vendor's support May 28, 2013: Vendor support emailed for additional details May 28, 2013: Sent a proof-of-concept exploit for the DoS vulnerability to vendor May 30, 2013: Vendor escalated issue internally June 4, 2013: Vendor notification that issue has been escalated to manufacturer June 14, 2013: Vendor notification that they will not fix issues June 18, 2013: Public Disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mg3100 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx870 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mp495 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx922 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mp340 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx890 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg6100 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx920 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg5300 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "pixma mp495",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx340",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx920",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx922",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg3130",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg5330",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg6130",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mx870",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mx893",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "printer mg3100",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mg5300",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mg6100",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mp495",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx340",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx870",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx890",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx920",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:canon:mp495_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mp340_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx920_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx922_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg3100_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg5300_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg6100_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx870_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx890_printer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Andreko",
"sources": [
{
"db": "BID",
"id": "60612"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
}
],
"trust": 1.0
},
"cve": "CVE-2013-4613",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4613",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-07716",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-64615",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4613",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-4613",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-07716",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-388",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-64615",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "VULHUB",
"id": "VHN-64615"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user\u0027s home printer, the default setting can be changed to add a password.\". Canon Printer is a printer developed by Canon. If the printer is connected to a public Internet network, anonymous users are allowed to modify the configuration. \nExploiting this issue can allow a remote attacker to gain access and perform unauthorized configuration changes on the affected device. This may aid in further attacks. Vulnerabilities exist in the following models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, MX922. This should be\ncorrected by requiring a password, even if only a default, but should\nrecommend users to change it upon initial setup of the device. \n\n#2 (CVE-2013-4614): The administrative interface on these printers allow a\nuser to enter a WEP/WPA/WPA2 pre-shared key. Once a key is entered, when a\nuser browses the configuration page again, they can view the current\npassword in clear-text. Once a password is configured, it should not allow\nthe user to read it again. If the user wants to change the password, they\nshould be required to enter a new one, which then overwrites the old one. \n\n#3 (CVE-2013-4615): There is a denial of service condition in the\nadministrative interface on the devices. Using specially crafted HTTP\nrequests, it is possible to cause the device to no longer respond. This\nrequires the device to be turned off, and then back on again, to which the\nprinter will display a message about not being properly turned off, on the\ndisplay (if model has a display). \n\nI have disclosed all 3 of these issues to Canon, and unfortunately they do\nnot feel it is necessary to fix them (In all fairness, they\u0027re not super\nhigh severity). More details, along with PoC and Metasploit modules are\navailable here: *\nhttp://www.mattandreko.com/2013/06/canon-y-u-no-security.html*\n\nTimeline:\nMay 27, 2013: Initial Email to vendor\u0027s support\nMay 28, 2013: Vendor support emailed for additional details\nMay 28, 2013: Sent a proof-of-concept exploit for the DoS vulnerability to\nvendor\nMay 30, 2013: Vendor escalated issue internally\nJune 4, 2013: Vendor notification that issue has been escalated to\nmanufacturer\nJune 14, 2013: Vendor notification that they will not fix issues\nJune 18, 2013: Public Disclosure\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4613"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "BID",
"id": "60612"
},
{
"db": "VULHUB",
"id": "VHN-64615"
},
{
"db": "PACKETSTORM",
"id": "122073"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-64615",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64615"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4613",
"trust": 3.5
},
{
"db": "BID",
"id": "60612",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-07716",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20130618 CANON WIRELESS PRINTER DISCLOSURE \u0026 DOS",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "122073",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-64615",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "VULHUB",
"id": "VHN-64615"
},
{
"db": "BID",
"id": "60612"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"id": "VAR-201306-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "VULHUB",
"id": "VHN-64615"
}
],
"trust": 1.4083333625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
}
]
},
"last_update_date": "2025-04-11T22:48:46.202000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PIXUS \u5546\u54c1\u4e00\u89a7",
"trust": 0.8,
"url": "http://cweb.canon.jp/pixus/lineup/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64615"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4613"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4613"
},
{
"trust": 0.8,
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2013/jun/145"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60612"
},
{
"trust": 0.3,
"url": "http://www.canon.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4615"
},
{
"trust": 0.1,
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html*"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4613"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "VULHUB",
"id": "VHN-64615"
},
{
"db": "BID",
"id": "60612"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"db": "VULHUB",
"id": "VHN-64615"
},
{
"db": "BID",
"id": "60612"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"date": "2013-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64615"
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60612"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"date": "2013-06-18T14:23:23",
"db": "PACKETSTORM",
"id": "122073"
},
{
"date": "2013-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"date": "2013-06-21T21:55:01.007000",
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07716"
},
{
"date": "2013-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-64615"
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60612"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003111"
},
{
"date": "2013-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-388"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4613"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Canon Vulnerability to change settings in printer management interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003111"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-388"
}
],
"trust": 0.6
}
}
VAR-201306-0343
Vulnerability from variot - Updated: 2025-04-11 22:48English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation. Canon Printer is a printer developed by Canon. Multiple Canon Printers are prone to an information-disclosure vulnerability. A vulnerability exists in English/pages_MacUS/wls_set_content.html in Canon printers due to the program displaying Wi-Fi PSK passwords in clear text. Vulnerabilities exist in the following models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, MX922. The below 3 issues have been tested and verified working on the following Canon Printer models (May affect more, but this is all I was able to test against): MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920
1 (CVE-2013-4613): Canon printers do not require a password for the
administrative interfaces by default. Unauthorized users on the network may configure the printer. If the printer is exposed to the public internet, anonymous users may make configuration changes as well. This should be corrected by requiring a password, even if only a default, but should recommend users to change it upon initial setup of the device.
2 (CVE-2013-4614): The administrative interface on these printers allow a
user to enter a WEP/WPA/WPA2 pre-shared key. Once a key is entered, when a user browses the configuration page again, they can view the current password in clear-text. Once a password is configured, it should not allow the user to read it again. If the user wants to change the password, they should be required to enter a new one, which then overwrites the old one.
3 (CVE-2013-4615): There is a denial of service condition in the
administrative interface on the devices. Using specially crafted HTTP requests, it is possible to cause the device to no longer respond. This requires the device to be turned off, and then back on again, to which the printer will display a message about not being properly turned off, on the display (if model has a display).
I have disclosed all 3 of these issues to Canon, and unfortunately they do not feel it is necessary to fix them (In all fairness, they're not super high severity). More details, along with PoC and Metasploit modules are available here: * http://www.mattandreko.com/2013/06/canon-y-u-no-security.html*
Timeline: May 27, 2013: Initial Email to vendor's support May 28, 2013: Vendor support emailed for additional details May 28, 2013: Sent a proof-of-concept exploit for the DoS vulnerability to vendor May 30, 2013: Vendor escalated issue internally June 4, 2013: Vendor notification that issue has been escalated to manufacturer June 14, 2013: Vendor notification that they will not fix issues June 18, 2013: Public Disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mx870 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mp495 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg6100 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx922 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mp340 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx890 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg3100 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mx920 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mg5300 printer",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "pixma mp495",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx340",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx920",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixma mx922",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg3130",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg5330",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mg6130",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mx870",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "pixus mx893",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "printer mg3100",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mg5300",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mg6100",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mp495",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx340",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx870",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx890",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
},
{
"model": "printer mx920",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:canon:mp495_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mp340_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx920_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx922_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg3100_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg5300_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mg6100_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx870_printer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:canon:mx890_printer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Andreko",
"sources": [
{
"db": "BID",
"id": "60601"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
}
],
"trust": 1.0
},
"cve": "CVE-2013-4614",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2013-4614",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07717",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-64616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4614",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-4614",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2013-07717",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-389",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-64616",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "VULHUB",
"id": "VHN-64616"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation. Canon Printer is a printer developed by Canon. Multiple Canon Printers are prone to an information-disclosure vulnerability. A vulnerability exists in English/pages_MacUS/wls_set_content.html in Canon printers due to the program displaying Wi-Fi PSK passwords in clear text. Vulnerabilities exist in the following models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, MX922. The below 3 issues have been tested and verified working on the following\nCanon Printer models (May affect more, but this is all I was able to test\nagainst):\nMG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920\n\n#1 (CVE-2013-4613): Canon printers do not require a password for the\nadministrative interfaces by default. Unauthorized users on the network may\nconfigure the printer. If the printer is exposed to the public internet,\nanonymous users may make configuration changes as well. This should be\ncorrected by requiring a password, even if only a default, but should\nrecommend users to change it upon initial setup of the device. \n\n#2 (CVE-2013-4614): The administrative interface on these printers allow a\nuser to enter a WEP/WPA/WPA2 pre-shared key. Once a key is entered, when a\nuser browses the configuration page again, they can view the current\npassword in clear-text. Once a password is configured, it should not allow\nthe user to read it again. If the user wants to change the password, they\nshould be required to enter a new one, which then overwrites the old one. \n\n#3 (CVE-2013-4615): There is a denial of service condition in the\nadministrative interface on the devices. Using specially crafted HTTP\nrequests, it is possible to cause the device to no longer respond. This\nrequires the device to be turned off, and then back on again, to which the\nprinter will display a message about not being properly turned off, on the\ndisplay (if model has a display). \n\nI have disclosed all 3 of these issues to Canon, and unfortunately they do\nnot feel it is necessary to fix them (In all fairness, they\u0027re not super\nhigh severity). More details, along with PoC and Metasploit modules are\navailable here: *\nhttp://www.mattandreko.com/2013/06/canon-y-u-no-security.html*\n\nTimeline:\nMay 27, 2013: Initial Email to vendor\u0027s support\nMay 28, 2013: Vendor support emailed for additional details\nMay 28, 2013: Sent a proof-of-concept exploit for the DoS vulnerability to\nvendor\nMay 30, 2013: Vendor escalated issue internally\nJune 4, 2013: Vendor notification that issue has been escalated to\nmanufacturer\nJune 14, 2013: Vendor notification that they will not fix issues\nJune 18, 2013: Public Disclosure\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4614"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "BID",
"id": "60601"
},
{
"db": "VULHUB",
"id": "VHN-64616"
},
{
"db": "PACKETSTORM",
"id": "122073"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4614",
"trust": 3.5
},
{
"db": "BID",
"id": "60601",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-07717",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20130618 CANON WIRELESS PRINTER DISCLOSURE \u0026 DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122073",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "VULHUB",
"id": "VHN-64616"
},
{
"db": "BID",
"id": "60601"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"id": "VAR-201306-0343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "VULHUB",
"id": "VHN-64616"
}
],
"trust": 1.4083333625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
}
]
},
"last_update_date": "2025-04-11T22:48:46.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PIXUS \u5546\u54c1\u4e00\u89a7",
"trust": 0.8,
"url": "http://cweb.canon.jp/pixus/lineup/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64616"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"trust": 2.5,
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4614"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4614"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2013/jun/145"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60601"
},
{
"trust": 0.3,
"url": "http://www.canon.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4615"
},
{
"trust": 0.1,
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html*"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4613"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "VULHUB",
"id": "VHN-64616"
},
{
"db": "BID",
"id": "60601"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"db": "VULHUB",
"id": "VHN-64616"
},
{
"db": "BID",
"id": "60601"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"db": "PACKETSTORM",
"id": "122073"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"date": "2013-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64616"
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60601"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"date": "2013-06-18T14:23:23",
"db": "PACKETSTORM",
"id": "122073"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"date": "2013-06-21T21:55:01.033000",
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07717"
},
{
"date": "2013-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-64616"
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60601"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003112"
},
{
"date": "2013-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-389"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4614"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Canon Vulnerability in collecting important information in printers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003112"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-389"
}
],
"trust": 0.6
}
}
VAR-200703-0270
Vulnerability from variot - Updated: 2025-04-10 23:14Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer is prone to a denial-of-service vulnerability when handling malicious HTML files. Successfully exploiting this issue allows attackers to consume excessive CPU resources in the affected browser and eventually cause Internet Explorer to crash, causing a denial-of-service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network camera server vb101",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.0 and 7.0"
},
{
"model": "internet explorer beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:canon:network_camera_server_vb101",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:internet_explorer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomas Pollet is credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "19364"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
],
"trust": 0.9
},
"cve": "CVE-2006-7065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-7065",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-23173",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-7065",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-7065",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-042",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-23173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer is prone to a denial-of-service vulnerability when handling malicious HTML files. \nSuccessfully exploiting this issue allows attackers to consume excessive CPU resources in the affected browser and eventually cause Internet Explorer to crash, causing a denial-of-service",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7065"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "VULHUB",
"id": "VHN-23173"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-23173",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-7065",
"trust": 2.8
},
{
"db": "BID",
"id": "19364",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "28343",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-81914",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-23173",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"id": "VAR-200703-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:14:19.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://canon.jp/"
},
{
"title": "Internet Explorer",
"trust": 0.8,
"url": "http://windows.microsoft.com/en-US/internet-explorer/downloads/ie"
},
{
"title": "Microsoft Internet Explorer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157784"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19364"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html"
},
{
"trust": 1.7,
"url": "http://www3.ca.com/be/securityadvisor/vulninfo/vuln.aspx?id=34511"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7065"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7065"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windows/ie/default.mspx"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23173"
},
{
"db": "BID",
"id": "19364"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-23173"
},
{
"date": "2006-08-06T00:00:00",
"db": "BID",
"id": "19364"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"date": "2007-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"date": "2007-03-02T21:18:00",
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-23173"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "19364"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003110"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-042"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-7065"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer 6 and 7 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003110"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-042"
}
],
"trust": 0.6
}
}
VAR-200705-0404
Vulnerability from variot - Updated: 2025-04-10 23:03Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed.
Input passed to certain parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
SOLUTION: Update to the latest firmware versions.
VB100 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb100farm.html
VB101 V3.0 R71: http://cweb.canon.jp/drv-upd/webview/vb101farm.html
VB150 V1.1 R41: http://cweb.canon.jp/drv-upd/webview/vb150farm.html
PROVIDED AND/OR DISCOVERED BY: Reported in a JVN repository.
ORIGINAL ADVISORY: Canon: http://cweb.canon.jp/drv-upd/webview/notification.html
OTHER REFERENCES: JVN#06735665: http://jvn.jp/jp/JVN%2306735665/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200705-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network camera server vb150",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": "1.1"
},
{
"model": "network camera server vb100",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": "3.0"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": "3.0"
},
{
"model": "network camera server",
"scope": "lte",
"trust": 0.8,
"vendor": "canon",
"version": "vb100 and vb101 firmware ver. 3.0 rev.69"
},
{
"model": "network camera server",
"scope": "lte",
"trust": 0.8,
"vendor": "canon",
"version": "vb150 firmware ver. 1.1 rev.39"
},
{
"model": "network camera server vb150 firm r39",
"scope": "eq",
"trust": 0.3,
"vendor": "canon",
"version": "v1.1"
},
{
"model": "network camera server vb101 firm r69",
"scope": "eq",
"trust": 0.3,
"vendor": "canon",
"version": "v3.0"
},
{
"model": "network camera server vb100 firm r69",
"scope": "eq",
"trust": 0.3,
"vendor": "canon",
"version": "v3.0"
},
{
"model": "network camera server vb150 firm r41",
"scope": "ne",
"trust": 0.3,
"vendor": "canon",
"version": "v1.1"
},
{
"model": "network camera server vb101 firm r71",
"scope": "ne",
"trust": 0.3,
"vendor": "canon",
"version": "v3.0"
},
{
"model": "network camera server vb100 firm r71",
"scope": "ne",
"trust": 0.3,
"vendor": "canon",
"version": "v3.0"
}
],
"sources": [
{
"db": "BID",
"id": "23560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:canon:network_camera_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JVN is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "23560"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
}
],
"trust": 0.9
},
"cve": "CVE-2007-2680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-2680",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2007-000301",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-26042",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-2680",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2007-000301",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200705-282",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26042",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26042"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. \nExploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. \n\n----------------------------------------------------------------------\n\nSecunia customers receive relevant and filtered advisories. \nDelivery is done via different channels including SMS, Email, Web,\nand https based XML feed. \n\nInput passed to certain parameters is not properly sanitised before\nbeing returned to the user. This can be exploited to execute\narbitrary HTML and script code in a user\u0027s browser session in context\nof an affected site. \n\nSOLUTION:\nUpdate to the latest firmware versions. \n\nVB100 V3.0 R71:\nhttp://cweb.canon.jp/drv-upd/webview/vb100farm.html\n\nVB101 V3.0 R71:\nhttp://cweb.canon.jp/drv-upd/webview/vb101farm.html\n\nVB150 V1.1 R41:\nhttp://cweb.canon.jp/drv-upd/webview/vb150farm.html\n\nPROVIDED AND/OR DISCOVERED BY:\nReported in a JVN repository. \n\nORIGINAL ADVISORY:\nCanon:\nhttp://cweb.canon.jp/drv-upd/webview/notification.html\n\nOTHER REFERENCES:\nJVN#06735665:\nhttp://jvn.jp/jp/JVN%2306735665/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2680"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"db": "BID",
"id": "23560"
},
{
"db": "VULHUB",
"id": "VHN-26042"
},
{
"db": "PACKETSTORM",
"id": "56086"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "24940",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2007-2680",
"trust": 2.5
},
{
"db": "BID",
"id": "23560",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "35019",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-1461",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVN06735665",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN#06735665",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-26042",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "56086",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26042"
},
{
"db": "BID",
"id": "23560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"db": "PACKETSTORM",
"id": "56086"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"id": "VAR-200705-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26042"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:03:42.479000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2007/4/19",
"trust": 0.8,
"url": "http://cweb.canon.jp/drv-upd/webview/notification.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://cweb.canon.jp/drv-upd/webview/notification.html"
},
{
"trust": 2.1,
"url": "http://jvn.jp/jp/jvn%2306735665/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/23560"
},
{
"trust": 1.7,
"url": "http://osvdb.org/35019"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24940"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/1461"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/1461"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/24940/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2680"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn06735665/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2680"
},
{
"trust": 0.4,
"url": "http://cweb.canon.jp/drv-upd/webview/vb100farm.html"
},
{
"trust": 0.4,
"url": "http://cweb.canon.jp/drv-upd/webview/vb101farm.html"
},
{
"trust": 0.4,
"url": "http://cweb.canon.jp/drv-upd/webview/vb150farm.html"
},
{
"trust": 0.3,
"url": "http://www.canon.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/trial/38/request/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14000/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14002/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14001/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26042"
},
{
"db": "BID",
"id": "23560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"db": "PACKETSTORM",
"id": "56086"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26042"
},
{
"db": "BID",
"id": "23560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"db": "PACKETSTORM",
"id": "56086"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-26042"
},
{
"date": "2007-04-18T00:00:00",
"db": "BID",
"id": "23560"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"date": "2007-04-20T06:48:40",
"db": "PACKETSTORM",
"id": "56086"
},
{
"date": "2007-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"date": "2007-05-15T00:19:00",
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-26042"
},
{
"date": "2007-04-19T20:51:00",
"db": "BID",
"id": "23560"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000301"
},
{
"date": "2007-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-282"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-2680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon Network Camera Server VB100 Series vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "56086"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-282"
}
],
"trust": 0.7
}
}
VAR-200512-0322
Vulnerability from variot - Updated: 2025-04-03 22:39Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. Microsoft Internet Explorer is prone to a weakness that permits the injection of arbitrary HTTP requests due to improper verification of parameters passed to XmlHttpRequest. An attacker may craft a website that instantiates the affected control and forces the browser to request a site on the same host (or another host in case a forwarding proxy is employed). The attacker would then intercept the response and steal sensitive data to aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0322",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "14969"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to Amit Klein.",
"sources": [
{
"db": "BID",
"id": "14969"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
}
],
"trust": 0.9
},
"cve": "CVE-2005-4827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4827",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-16035",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-877",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-16035",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16035"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. Microsoft Internet Explorer is prone to a weakness that permits the injection of arbitrary HTTP requests due to improper verification of parameters passed to XmlHttpRequest. \nAn attacker may craft a website that instantiates the affected control and forces the browser to request a site on the same host (or another host in case a forwarding proxy is employed). The attacker would then intercept the response and steal sensitive data to aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4827"
},
{
"db": "BID",
"id": "14969"
},
{
"db": "VULHUB",
"id": "VHN-16035"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-4827",
"trust": 2.0
},
{
"db": "BID",
"id": "14969",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-16035",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16035"
},
{
"db": "BID",
"id": "14969"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"id": "VAR-200512-0322",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16035"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:39:49.364000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14969"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/411585"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/459172/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2007/feb/0081.html"
},
{
"trust": 0.3,
"url": "/archive/1/411585"
},
{
"trust": 0.3,
"url": "/archive/1/459172"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16035"
},
{
"db": "BID",
"id": "14969"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16035"
},
{
"db": "BID",
"id": "14969"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-16035"
},
{
"date": "2005-09-24T00:00:00",
"db": "BID",
"id": "14969"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-16035"
},
{
"date": "2015-05-12T19:52:00",
"db": "BID",
"id": "14969"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-877"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-4827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer XmlHttpRequest Parameter validation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-877"
}
],
"trust": 0.6
}
}
VAR-200607-0093
Vulnerability from variot - Updated: 2025-04-03 22:36Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Microsoft Internet Explorer is prone to a denial-of-service condition when processing the 'ADODB.Recordset Filter Property' COM object. A successful attack may cause the browser to fail due to a null-pointer dereference. Microsoft Internet Explorer is a very popular WEB browser released by Microsoft. When the properties of the ADODB.Recordset ActiveX object are assigned different values three times, the null pointer reference problem will be triggered. If the user is tricked into accessing a malicious WEB page containing malformed ActiveX reference code, it will cause IE to deny service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2900.2180"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2600"
},
{
"model": "ie",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0.2800.1106"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "18773"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "H D Moore hdm@metasploit.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
},
"cve": "CVE-2006-3354",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3354",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-19462",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3354",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-017",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-19462",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Microsoft Internet Explorer is prone to a denial-of-service condition when processing the \u0027ADODB.Recordset Filter Property\u0027 COM object. \nA successful attack may cause the browser to fail due to a null-pointer dereference. Microsoft Internet Explorer is a very popular WEB browser released by Microsoft. When the properties of the ADODB.Recordset ActiveX object are assigned different values \u200b\u200bthree times, the null pointer reference problem will be triggered. If the user is tricked into accessing a malicious WEB page containing malformed ActiveX reference code, it will cause IE to deny service",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3354"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "VULHUB",
"id": "VHN-19462"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19462",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "18773",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "26834",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-3354",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "28145",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19462",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"id": "VAR-200607-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:36:08.827000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18773"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/26834"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27596"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windows/ie/default.mspx"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-19462"
},
{
"db": "BID",
"id": "18773"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-19462"
},
{
"date": "2006-07-03T00:00:00",
"db": "BID",
"id": "18773"
},
{
"date": "2006-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"date": "2006-07-06T01:05:00",
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-19462"
},
{
"date": "2006-07-04T20:54:00",
"db": "BID",
"id": "18773"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-017"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-3354"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer ADODB.Recordset Null pointer reference denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-017"
}
],
"trust": 0.6
}
}
VAR-200604-0205
Vulnerability from variot - Updated: 2025-04-03 21:50Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.
TITLE: Internet Explorer Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA18957
VERIFY ADVISORY: http://secunia.com/advisories/18957/
CRITICAL: Highly critical
IMPACT: Spoofing, System access, Cross Site Scripting
WHERE:
From remote
SOFTWARE: Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/
DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct phishing attacks, or compromise a user's system.
1) An error in the cross-domain restriction when accessing properties of certain dynamically created objects can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site via a JavaScript URI handler applied on a dynamically created "object" tag.
2) An error within the handling of multiple event handlers (e.g. onLoad) in an HTML element can be exploited to corrupt memory in a way that may allow execution of arbitrary code.
3) An error within the parsing of specially crafted, non-valid HTML can be exploited to corrupt memory in a way that allows execution of arbitrary code when a malicious HTML document is viewed.
4) An error within the instantiation of COM objects that are not intended to be instantiated in Internet Explorer can be exploited to corrupt memory in a way that allows execution of arbitrary code.
5) An error within the handling of HTML elements containing a specially crafted tag can be exploited to corrupt memory in a way that allows execution of arbitrary code.
6) An error within the handling of double-byte characters in specially crafted URLs can be exploited to corrupt memory in a way that allows execution of arbitrary code.
Successful exploitation requires that the system uses double-byte character sets.
7) An error in the way IOleClientSite information is returned when an embedded object is dynamically created can be exploited to execute arbitrary code in context of another site or security zone.
8) An unspecified error can be exploited to spoof information displayed in the address bar and other parts of the trust UI.
9) Some unspecified vulnerabilities exist in the two ActiveX controls included with Danim.dll and Dxtmsft.dll.
SOLUTION: Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsoft.com/downloa...7B87-AF8F-4346-9164-596E3E5C22B1
Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1: http://www.microsoft.com/downloa...41E1-2B36-4696-987A-099FC57E0129
Internet Explorer 6 for Windows XP SP2: http://www.microsoft.com/downloa...FB31-E6B4-4771-81F1-4ACCEBF72133
Internet Explorer 6 for Windows Server 2003 and Windows Server 2003 SP1: http://www.microsoft.com/downloa...6871-D217-41D3-BECC-B27FAFA00054
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems and Windows Server 2003 with SP1 for Itanium-based systems: http://www.microsoft.com/downloa...957C-0ABE-4129-ABAF-AA2852AD62A3
Internet Explorer 6 for Windows Server 2003 x64 Edition: http://www.microsoft.com/downloa...8BE3-39EE-4937-9BD1-280FC35125C6
Internet Explorer 6 for Windows XP Professional x64 Edition: http://www.microsoft.com/downloa...FE3E-620A-4BBC-868B-CA2D9EFF7AC3
Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows ME: Patches are available via the Microsoft Update Web site or the Windows Update Web site.
PROVIDED AND/OR DISCOVERED BY: 1) Discovered by anonymous person. 2) Michal Zalewski 3) The vendor credits Jan P. Monsch, Compass Security Network Computing. 4) The vendor credits Richard M. Smith, Boston Software Forensics. 5) The vendor credits Thomas Waldegger. 6) The vendor credits Sowhat, Nevis Labs. 7) The vendor credits Heiko Schultze, SAP. 9) The vendor credits Will Dormann, CERT/CC.
ORIGINAL ADVISORY: MS06-013 (KB912812): http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003 for itanium-based systems"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows server 2003 x64 edition"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows xp"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6 for windows xp professional x64 edition"
},
{
"model": "internet explorer sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer for windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.14.0"
},
{
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.198"
},
{
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.195"
},
{
"model": "internet explorer for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.12000"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2 do not use",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0-"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:internet_explorer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2006-1192",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-17300",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-1192",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2006-1192",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-160",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-17300",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow \"window content to persist\" after the user has navigated to another site, aka the \"Address Bar Spoofing Vulnerability.\" NOTE: this is a different vulnerability than CVE-2006-1626. Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. \n\nTITLE:\nInternet Explorer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA18957\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18957/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSpoofing, System access, Cross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMicrosoft Internet Explorer 5.5\nhttp://secunia.com/product/10/\nMicrosoft Internet Explorer 5.01\nhttp://secunia.com/product/9/\nMicrosoft Internet Explorer 6.x\nhttp://secunia.com/product/11/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Internet Explorer,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct phishing attacks, or compromise a user\u0027s\nsystem. \n\n1) An error in the cross-domain restriction when accessing properties\nof certain dynamically created objects can be exploited to execute\narbitrary HTML and script code in a user\u0027s browser session in context\nof an arbitrary site via a JavaScript URI handler applied on a\ndynamically created \"object\" tag. \n\n2) An error within the handling of multiple event handlers (e.g. \nonLoad) in an HTML element can be exploited to corrupt memory in a\nway that may allow execution of arbitrary code. \n\n3) An error within the parsing of specially crafted, non-valid HTML\ncan be exploited to corrupt memory in a way that allows execution of\narbitrary code when a malicious HTML document is viewed. \n\n4) An error within the instantiation of COM objects that are not\nintended to be instantiated in Internet Explorer can be exploited to\ncorrupt memory in a way that allows execution of arbitrary code. \n\n5) An error within the handling of HTML elements containing a\nspecially crafted tag can be exploited to corrupt memory in a way\nthat allows execution of arbitrary code. \n\n6) An error within the handling of double-byte characters in\nspecially crafted URLs can be exploited to corrupt memory in a way\nthat allows execution of arbitrary code. \n\nSuccessful exploitation requires that the system uses double-byte\ncharacter sets. \n\n7) An error in the way IOleClientSite information is returned when an\nembedded object is dynamically created can be exploited to execute\narbitrary code in context of another site or security zone. \n\n8) An unspecified error can be exploited to spoof information\ndisplayed in the address bar and other parts of the trust UI. \n\n9) Some unspecified vulnerabilities exist in the two ActiveX controls\nincluded with Danim.dll and Dxtmsft.dll. \n\nSOLUTION:\nApply patches. \n\nInternet Explorer 5.01 SP4 on Windows 2000 SP4:\nhttp://www.microsoft.com/downloa...7B87-AF8F-4346-9164-596E3E5C22B1\n\nInternet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:\nhttp://www.microsoft.com/downloa...41E1-2B36-4696-987A-099FC57E0129\n\nInternet Explorer 6 for Windows XP SP2:\nhttp://www.microsoft.com/downloa...FB31-E6B4-4771-81F1-4ACCEBF72133\n\nInternet Explorer 6 for Windows Server 2003 and Windows Server 2003\nSP1:\nhttp://www.microsoft.com/downloa...6871-D217-41D3-BECC-B27FAFA00054\n\nInternet Explorer 6 for Windows Server 2003 for Itanium-based systems\nand Windows Server 2003 with SP1 for Itanium-based systems:\nhttp://www.microsoft.com/downloa...957C-0ABE-4129-ABAF-AA2852AD62A3\n\nInternet Explorer 6 for Windows Server 2003 x64 Edition:\nhttp://www.microsoft.com/downloa...8BE3-39EE-4937-9BD1-280FC35125C6\n\nInternet Explorer 6 for Windows XP Professional x64 Edition:\nhttp://www.microsoft.com/downloa...FE3E-620A-4BBC-868B-CA2D9EFF7AC3\n\nInternet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows ME:\nPatches are available via the Microsoft Update Web site or the\nWindows Update Web site. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Discovered by anonymous person. \n2) Michal Zalewski\n3) The vendor credits Jan P. Monsch, Compass Security Network\nComputing. \n4) The vendor credits Richard M. Smith, Boston Software Forensics. \n5) The vendor credits Thomas Waldegger. \n6) The vendor credits Sowhat, Nevis Labs. \n7) The vendor credits Heiko Schultze, SAP. \n9) The vendor credits Will Dormann, CERT/CC. \n\nORIGINAL ADVISORY:\nMS06-013 (KB912812):\nhttp://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1192"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "PACKETSTORM",
"id": "45341"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-17300",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17460",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2006-1192",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "18957",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1015899",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1318",
"trust": 1.7
},
{
"db": "SREASON",
"id": "670",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "1838",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-17300",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45341",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "PACKETSTORM",
"id": "45341"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"id": "VAR-200604-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T21:50:33.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"title": "MS06-013",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-013.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/17460"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1336"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1498"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1645"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1725"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1740"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015899"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18957"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/670"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2006/1318"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25557"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/18957/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1192"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2006/1318"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-1192"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/217"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/220"
},
{
"trust": 0.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx"
},
{
"trust": 0.3,
"url": "http://www.mozilla.com/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...fe3e-620a-4bbc-868b-ca2d9eff7ac3"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...8be3-39ee-4937-9bd1-280fc35125c6"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...fb31-e6b4-4771-81f1-4accebf72133"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...957c-0abe-4129-abaf-aa2852ad62a3"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...7b87-af8f-4346-9164-596e3e5c22b1"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...41e1-2b36-4696-987a-099fc57e0129"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloa...6871-d217-41d3-becc-b27fafa00054"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "PACKETSTORM",
"id": "45341"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-17300"
},
{
"db": "BID",
"id": "17460"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"db": "PACKETSTORM",
"id": "45341"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-17300"
},
{
"date": "2006-04-11T00:00:00",
"db": "BID",
"id": "17460"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"date": "2006-04-12T04:04:04",
"db": "PACKETSTORM",
"id": "45341"
},
{
"date": "2006-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"date": "2006-04-11T23:02:00",
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-17300"
},
{
"date": "2006-04-17T17:12:00",
"db": "BID",
"id": "17460"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000178"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-160"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-1192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer Vulnerable to address bar spoofing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-160"
}
],
"trust": 0.6
}
}
VAR-200606-0464
Vulnerability from variot - Updated: 2025-04-03 20:58Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.
SOLUTION: Disable Active Scripting support.
Do not enter suspicious text when visiting untrusted web sites.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
TITLE: Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA26095
VERIFY ADVISORY: http://secunia.com/advisories/26095/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, Spoofing, DoS, System access
WHERE:
From remote
SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/
DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and potentially to compromise a user's system.
1) Various errors in the browser engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
2) Various errors in the Javascript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
3) An error in the "addEventListener" and "setTimeout" methods can be exploited to inject script into another site's context, circumventing the browser's same-origin policy.
4) An error in the cross-domain handling can be exploited to inject arbitrary HTML and script code in a sub-frame of another web site.
This is related to vulnerability #5 in: SA21906
5) An unspecified error in the handling of elements outside of documents allows an attacker to call an event handler and execute arbitrary code with chrome privileges.
6) An unspecified error in the handling of "XPCNativeWrapper" can lead to execution of user-supplied code.
SOLUTION: Update to version 2.0.0.5.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. 2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. 3, 5) The vendor credits moz_bug_r_a4 4) Ronen Zilberman and Michal Zalewski 6) The vendor credits shutdown and moz_bug_r_a4.
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
OTHER REFERENCES: SA21906: http://secunia.com/advisories/21906/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
The vulnerability is caused due to an error within the handling of "about:blank" pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an "about:blank" window created and populated in a certain ways by an addon.
Successful exploitation requires that certain addons are installed. http://www.mozilla.com/en-US/firefox/
Thunderbird: Fixed in the upcoming version 2.0.0.6. http://www.mozilla.com/en-US/thunderbird/
SeaMonkey: Fixed in the upcoming version 1.1.4.
For more information: SA26201
PROVIDED AND/OR DISCOVERED BY: moz_bug_r_a4
CHANGELOG: 2007-07-31: Updated "Description". Added link to vendor advisory. "mailto", "news", "nntp", "snews", "telnet"). using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g.
The vulnerability is confirmed on a fully patched Windows XP SP2 and Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2. Other versions and browsers may also be affected.
SOLUTION: Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: Vulnerability discovered by: * Billy (BK) Rios
Firefox not escaping quotes originally discussed by: * Jesper Johansson
Additional research by Secunia Research. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-297B
Adobe Updates for Microsoft Windows URI Vulnerability
Original release date: October 24, 2007 Last revised: -- Source: US-CERT
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier
Overview
Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
I. Description
Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150.
Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.
II.
III. Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows.
Disable the mailto: URI in Adobe Reader and Adobe Acrobat
If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details.
Appendix A. Vendor Information
Adobe
For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18.
Appendix B. References
* Adobe Security Bulletin APSB07-18 -
<http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
* Microsoft Security Advisory (943521) -
<http://www.microsoft.com/technet/security/advisory/943521.mspx>
* US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-297B Feedback VU#403150" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200606-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mozilla",
"version": null
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6"
},
{
"model": "network camera server vb101",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "*"
},
{
"model": "ie",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "network camera server vb101",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
}
],
"trust": 0.4
},
"cve": "CVE-2006-2900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2006-2900",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-19008",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2900",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#143297",
"trust": 0.8,
"value": "8.51"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#403150",
"trust": 0.8,
"value": "18.43"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#783400",
"trust": 0.8,
"value": "25.52"
},
{
"author": "CNNVD",
"id": "CNNVD-200606-183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-19008",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nSOLUTION:\nDisable Active Scripting support. \n\nDo not enter suspicious text when visiting untrusted web sites. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nMozilla Firefox Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26095\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26095/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMozilla Firefox 2.0.x\nhttp://secunia.com/product/12434/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Mozilla Firefox, which can\nbe exploited by malicious people to conduct spoofing and cross-site\nscripting attacks and potentially to compromise a user\u0027s system. \n\n1) Various errors in the browser engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n2) Various errors in the Javascript engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n3) An error in the \"addEventListener\" and \"setTimeout\" methods can be\nexploited to inject script into another site\u0027s context, circumventing\nthe browser\u0027s same-origin policy. \n\n4) An error in the cross-domain handling can be exploited to inject\narbitrary HTML and script code in a sub-frame of another web site. \n\nThis is related to vulnerability #5 in:\nSA21906\n\n5) An unspecified error in the handling of elements outside of\ndocuments allows an attacker to call an event handler and execute\narbitrary code with chrome privileges. \n\n6) An unspecified error in the handling of \"XPCNativeWrapper\" can\nlead to execution of user-supplied code. \n\nSOLUTION:\nUpdate to version 2.0.0.5. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron,\nDaniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats\nPalmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. \n2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. \n3, 5) The vendor credits moz_bug_r_a4\n4) Ronen Zilberman and Michal Zalewski\n6) The vendor credits shutdown and moz_bug_r_a4. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-18.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-19.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-20.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-21.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-25.html\n\nOTHER REFERENCES:\nSA21906:\nhttp://secunia.com/advisories/21906/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nThe vulnerability is caused due to an error within the handling of\n\"about:blank\" pages loaded by chrome in an addon. This can be\nexploited to execute script code under chrome privileges by e.g. \nclicking on a link opened in an \"about:blank\" window created and\npopulated in a certain ways by an addon. \n\nSuccessful exploitation requires that certain addons are installed. \nhttp://www.mozilla.com/en-US/firefox/\n\nThunderbird:\nFixed in the upcoming version 2.0.0.6. \nhttp://www.mozilla.com/en-US/thunderbird/\n\nSeaMonkey:\nFixed in the upcoming version 1.1.4. \n\nFor more information:\nSA26201\n\nPROVIDED AND/OR DISCOVERED BY:\nmoz_bug_r_a4\n\nCHANGELOG:\n2007-07-31: Updated \"Description\". Added link to vendor advisory. \"mailto\", \"news\", \"nntp\", \"snews\", \"telnet\"). using\nFirefox visits a malicious website with a specially crafted \"mailto\"\nURI containing a \"%\" character and ends in a certain extension (e.g. \n\nThe vulnerability is confirmed on a fully patched Windows XP SP2 and\nWindows Server 2003 SP2 system using Firefox version 2.0.0.5 and\nNetscape Navigator version 9.0b2. Other versions and browsers may\nalso be affected. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nVulnerability discovered by:\n* Billy (BK) Rios\n\nFirefox not escaping quotes originally discussed by:\n* Jesper Johansson\n\nAdditional research by Secunia Research. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\tNational Cyber Alert System\n Technical Cyber Security Alert TA07-297B\n\n\nAdobe Updates for Microsoft Windows URI Vulnerability\n\n Original release date: October 24, 2007\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n Microsoft Windows XP and Windows Server 2003 systems with Internet\n Explorer 7 and any of the following Adobe products:\n * Adobe Reader 8.1 and earlier\n * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier\n * Adobe Reader 7.0.9 and earlier\n * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and\n earlier\n\nOverview\n\n Adobe has released updates for the Adobe Reader and Adobe Acrobat\n product families. The update addresses a URI handling vulnerability in\n Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. \n\nI. Description\n\n Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server\n 2003 changes the way Windows handles Uniform Resource Identifiers\n (URIs). This change has introduced a flaw that can cause Windows to\n incorrectly determine the appropriate handler for the protocol\n specified in a URI. More information about this vulnerability is available in\n US-CERT Vulnerability Note VU#403150. \n\n Public reports indicate that this vulnerability is being actively\n exploited with malicious PDF files. Adobe has released Adobe Reader\n 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. \n\nII. \n\nIII. Solution\n\nApply an update\n\n Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to\n address this issue. These Adobe products handle URIs in a way that\n mitigates the vulnerability in Microsoft Windows. \n\nDisable the mailto: URI in Adobe Reader and Adobe Acrobat\n\n If you are unable to install an updated version of the software, this\n vulnerability can be mitigated by disabling the mailto: URI handler in\n Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin\n APSB07-18 for details. \n\n\nAppendix A. Vendor Information\n\nAdobe\n\n For information about updating affected Adobe products, see Adobe\n Security Bulletin APSB07-18. \n\nAppendix B. References\n\n * Adobe Security Bulletin APSB07-18 -\n \u003chttp://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e\n \n * Microsoft Security Advisory (943521) -\n \u003chttp://www.microsoft.com/technet/security/advisory/943521.mspx\u003e\n \n * US-CERT Vulnerability Note VU#403150 -\n \u003chttp://www.kb.cert.org/vuls/id/403150\u003e\n\n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-297B.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-297B Feedback VU#403150\" in the\n subject. \n _________________________________________________________________\n \n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n October 24, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H\n3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ\nlKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s\nVNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57\n4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI\nLazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==\n=PgB9\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2900"
},
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "26201",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "20449",
"trust": 1.8
},
{
"db": "BID",
"id": "18308",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1059",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-2161",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2900",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26288",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "26095",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#403150",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#783400",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#143297",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20060605 FILE UPLOAD WIDGETS IN IE AND FIREFOX HAVE ISSUES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-19008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "47071",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57832",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58191",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58068",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA07-297B",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60418",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"id": "VAR-200606-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19008"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T20:58:09.422000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://secunia.com/advisories/26201/"
},
{
"trust": 1.7,
"url": "http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18308"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/046610.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20449"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1059"
},
{
"trust": 1.6,
"url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
},
{
"trust": 1.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389580"
},
{
"trust": 1.6,
"url": "http://support.microsoft.com/kb/224816"
},
{
"trust": 1.6,
"url": "http://kb.mozillazine.org/firefox_:_faqs_:_about:config_entries"
},
{
"trust": 1.6,
"url": "http://en.wikipedia.org/wiki/uniform_resource_identifier"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/2161"
},
{
"trust": 0.9,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26095/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26288/"
},
{
"trust": 0.8,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/tag_iframe.asp"
},
{
"trust": 0.8,
"url": "http://www.w3.org/tr/html401/present/frames.html#h-16.5"
},
{
"trust": 0.8,
"url": "https://addons.mozilla.org/en-us/firefox/addon/722"
},
{
"trust": 0.8,
"url": "http://www.mozilla.org/projects/security/components/same-origin.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/archive/pdf/cross_site_scripting.pdf"
},
{
"trust": 0.8,
"url": "http://www.stopbadware.org/home/security#preventing"
},
{
"trust": 0.8,
"url": "http://www.antiphishing.org/consumer_recs.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.html"
},
{
"trust": 0.8,
"url": "http://en-us.www.mozilla.com/en-us/firefox/2.0.0.6/releasenotes/"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/ref_urlencode.asp"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2161"
},
{
"trust": 0.4,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.2,
"url": "http://secunia.com/product/12434/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20449/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20442/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-18.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-25.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21906/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-19.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-21.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/projects/seamonkey/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.com/en-us/firefox/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.com/en-us/thunderbird/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14383/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14070/"
},
{
"trust": 0.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=388121"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-26.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/783400"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12366/"
},
{
"trust": 0.1,
"url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx"
},
{
"trust": 0.1,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/403150\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-297b.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#143297"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-19008"
},
{
"db": "PACKETSTORM",
"id": "47071"
},
{
"db": "PACKETSTORM",
"id": "57832"
},
{
"db": "PACKETSTORM",
"id": "58191"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#143297"
},
{
"date": "2007-07-27T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2006-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-19008"
},
{
"date": "2006-06-10T05:36:59",
"db": "PACKETSTORM",
"id": "47071"
},
{
"date": "2007-07-19T02:44:59",
"db": "PACKETSTORM",
"id": "57832"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58191"
},
{
"date": "2007-07-27T03:17:23",
"db": "PACKETSTORM",
"id": "58068"
},
{
"date": "2007-10-25T04:18:19",
"db": "PACKETSTORM",
"id": "60418"
},
{
"date": "2006-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"date": "2006-06-07T16:02:00",
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#143297"
},
{
"date": "2007-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2011-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-19008"
},
{
"date": "2006-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-183"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2900"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox allows cross-domain iframe access via JavaScript",
"sources": [
{
"db": "CERT/CC",
"id": "VU#143297"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-183"
}
],
"trust": 0.6
}
}
VAR-202502-2479
Vulnerability from variot - Updated: 2025-03-02 23:12LBP621C is a color laser printer.
Canon (China) Co., Ltd. LBP621C has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-2479",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lbp621c",
"scope": "eq",
"trust": 0.6,
"vendor": "canon",
"version": "10.0500000000000001"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-03349",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-03349",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LBP621C is a color laser printer. \n\nCanon (China) Co., Ltd. LBP621C has a command execution vulnerability, which can be exploited by attackers to execute printer commands.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-03349",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"id": "VAR-202502-2479",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"last_update_date": "2025-03-02T23:12:12.567000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-03349"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon (China) Co., Ltd. LBP621C has a command execution vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03349"
}
],
"trust": 0.6
}
}
VAR-201806-0938
Vulnerability from variot - Updated: 2024-11-23 23:12A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** Unsettled ** This case has not been confirmed as a vulnerability. Canon MF210 and MF220 Contains an authentication vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-11711Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both the Canon MF210 and the MF220 are printers from Canon, Japan. There are security holes in the web interface in CanonMF210 and MF220
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0938",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf210",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mf220",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"model": "mf210",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
},
{
"model": "mf220",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canon:mf210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:canon:mf220_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
}
]
},
"cve": "CVE-2018-11711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-11711",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18051",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121598",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-11711",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-11711",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-11711",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-18051",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-270",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121598",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-11711",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "VULHUB",
"id": "VHN-121598"
},
{
"db": "VULMON",
"id": "CVE-2018-11711"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** Unsettled ** This case has not been confirmed as a vulnerability. Canon MF210 and MF220 Contains an authentication vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-11711Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both the Canon MF210 and the MF220 are printers from Canon, Japan. There are security holes in the web interface in CanonMF210 and MF220",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11711"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "VULHUB",
"id": "VHN-121598"
},
{
"db": "VULMON",
"id": "CVE-2018-11711"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11711",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "44845",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-270",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-18051",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121598",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-11711",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "VULHUB",
"id": "VHN-121598"
},
{
"db": "VULMON",
"id": "CVE-2018-11711"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"id": "VAR-201806-0938",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "VULHUB",
"id": "VHN-121598"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
}
]
},
"last_update_date": "2024-11-23T23:12:07.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://canon.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121598"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://gist.github.com/huykha/9dbcd0e46058f1e18bab241d1b2754bd"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11711"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/44845/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11711"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "VULHUB",
"id": "VHN-121598"
},
{
"db": "VULMON",
"id": "CVE-2018-11711"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"db": "VULHUB",
"id": "VHN-121598"
},
{
"db": "VULMON",
"id": "CVE-2018-11711"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"date": "2018-06-04T00:00:00",
"db": "VULHUB",
"id": "VHN-121598"
},
{
"date": "2018-06-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11711"
},
{
"date": "2018-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"date": "2018-06-04T13:29:00.590000",
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18051"
},
{
"date": "2018-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-121598"
},
{
"date": "2018-08-01T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11711"
},
{
"date": "2018-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006311"
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-270"
},
{
"date": "2024-11-21T03:43:52.487000",
"db": "NVD",
"id": "CVE-2018-11711"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon MF210 and MF220 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006311"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-270"
}
],
"trust": 0.6
}
}
VAR-202112-0112
Vulnerability from variot - Updated: 2024-11-23 22:54In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. Canon LBP223 A weak password requirement vulnerability exists in the printer.Service operation interruption (DoS) It may be in a state. Canon LBP223 is a printer of Canon (Canon) in Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lbp223dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp223dw",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "lbp223dw",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": "lbp223dw firmware"
},
{
"model": "lbp223dw",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "lbp223",
"scope": null,
"trust": 0.6,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"cve": "CVE-2021-43471",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43471",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-103085",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43471",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-43471",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43471",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-43471",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-103085",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-351",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-43471",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-351"
},
{
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. Canon LBP223 A weak password requirement vulnerability exists in the printer.Service operation interruption (DoS) It may be in a state. Canon LBP223 is a printer of Canon (Canon) in Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43471"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"db": "VULMON",
"id": "CVE-2021-43471"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43471",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-103085",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-351",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43471",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-351"
},
{
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"id": "VAR-202112-0112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
}
]
},
"last_update_date": "2024-11-23T22:54:45.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://canon.jp/"
},
{
"title": "CVE-2021-43471",
"trust": 0.1,
"url": "https://github.com/cxaqhq/CVE-2021-43471 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/cxaqhq/cxaqhq "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "Weak password request (CWE-521) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/cxaqhq/cve-1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43471"
},
{
"trust": 0.9,
"url": "https://github.com/cxaqhq/cve-2021-43471"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/521.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-351"
},
{
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-351"
},
{
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"date": "2021-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"date": "2022-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"date": "2021-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-351"
},
{
"date": "2021-12-06T13:15:07.410000",
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103085"
},
{
"date": "2021-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43471"
},
{
"date": "2022-11-30T09:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-015843"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-351"
},
{
"date": "2024-11-21T06:29:17.400000",
"db": "NVD",
"id": "CVE-2021-43471"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon\u00a0LBP223\u00a0 Weak password requirement vulnerability in printers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015843"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-351"
}
],
"trust": 0.6
}
}
VAR-202203-1326
Vulnerability from variot - Updated: 2024-11-23 22:36The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus FIPS is a portable software encryption toolkit from Rambus that allows IoT device and platform manufacturers to deploy the security they need
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apeosport 3560",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii c4473",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "docucentre-vii c3372",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeos c4570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeosport c3060",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c3570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeos c328 df",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062053"
},
{
"model": "apeosport 3060",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii c2273",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "safezone basic crypto module",
"scope": "lt",
"trust": 1.0,
"vendor": "rambus",
"version": "10.4.0"
},
{
"model": "apeosport-vii c7788",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.1"
},
{
"model": "apeosport-vii c7773",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "docuprint 3508 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.5"
},
{
"model": "apeosport 3560 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii cp4421",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "docucentre-vii c7773",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeos c6570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeospro c810",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.6"
},
{
"model": "apeosport 4570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosprint c325 dw",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062117"
},
{
"model": "apeos c4570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeosport-vii c5573",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeosport 3060 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii p4021",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c5570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii c3372",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeosport 2560",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeos c325 dw",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062053"
},
{
"model": "apeosport c6570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport print c5570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "docuprint 3205 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.5"
},
{
"model": "docucentre-vii c5588",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.1"
},
{
"model": "apeos c7070",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeosport c2560",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii c4421",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeos c328 dw",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062053"
},
{
"model": "apeosport-vii c6688",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.1"
},
{
"model": "docuprint 3208 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.5"
},
{
"model": "apeosport c4570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport 4570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c5570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii c6773",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeosport c2560 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeos c3070",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeos c3070 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeosport-vii 4021",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c7070 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "docucentre-vii c6673",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeosport c7070",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c4570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "docuprint c3555 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.6"
},
{
"model": "apeosport-vii 5021",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport 5570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c3070",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport c6570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeos c325 z",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062053"
},
{
"model": "apeosport 5570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosprint c328 dw",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062117"
},
{
"model": "apeosprint c328",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "202112062117"
},
{
"model": "primelink c9065",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.145.1"
},
{
"model": "apeosport c2060 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeosport-vii c5588",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.1"
},
{
"model": "apeosport c2060",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "primelink c9070",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.145.1"
},
{
"model": "apeosport-vii c3321",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeospro c750",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.6"
},
{
"model": "apeosport-vii c3373",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeospro c650",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.6"
},
{
"model": "apeosport c3070 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "docuprint c2555 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.6"
},
{
"model": "docucentre-vii c2273",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "docucentre-vii c3373",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "imagerunner",
"scope": "lte",
"trust": 1.0,
"vendor": "canon",
"version": "2020-03-14"
},
{
"model": "apeos c5570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeos c8180",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.6"
},
{
"model": "docuprint 4405 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.5"
},
{
"model": "docuprint 4408 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.5"
},
{
"model": "docucentre-vii c7788",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.1"
},
{
"model": "apeos c7070 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "imageprograf",
"scope": "lt",
"trust": 1.0,
"vendor": "canon",
"version": "2020-03-14"
},
{
"model": "safezone basic crypto module",
"scope": "gte",
"trust": 1.0,
"vendor": "rambus",
"version": "9.3.0"
},
{
"model": "apeos c5570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeos c7580",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.6"
},
{
"model": "docucentre-vii c5573",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "docucentre-vii c6688",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.1"
},
{
"model": "apeosport 2560 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "docuprint 3505 d",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.57.5"
},
{
"model": "apeosport c3570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.9"
},
{
"model": "apeos c6580",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.6"
},
{
"model": "apeos c6570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "docucentre-vii c4473",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.60.2"
},
{
"model": "apeos c3570",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
},
{
"model": "apeos c3570 g",
"scope": "lt",
"trust": 1.0,
"vendor": "fujifilm",
"version": "1.1.7"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"cve": "CVE-2022-26320",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26320",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-415478",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26320",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26320",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1379",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-415478",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-26320",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415478"
},
{
"db": "VULMON",
"id": "CVE-2022-26320"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat\u0027s factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus FIPS is a portable software encryption toolkit from Rambus that allows IoT device and platform manufacturers to deploy the security they need",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26320"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"db": "VULHUB",
"id": "VHN-415478"
},
{
"db": "VULMON",
"id": "CVE-2022-26320"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26320",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1379",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-415478",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26320",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415478"
},
{
"db": "VULMON",
"id": "CVE-2022-26320"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"id": "VAR-202203-1326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415478"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:36:52.390000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/google/paranoid_crypto "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-26320"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415478"
},
{
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html"
},
{
"trust": 1.8,
"url": "https://fermatattack.secvuln.info"
},
{
"trust": 1.8,
"url": "https://global.canon/en/support/security/index.html"
},
{
"trust": 1.8,
"url": "https://safezoneswupdate.com"
},
{
"trust": 1.0,
"url": "https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/"
},
{
"trust": 1.0,
"url": "https://web.archive.org/web/20220922042721/https://safezoneswupdate.com/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26320/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/google/paranoid_crypto"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415478"
},
{
"db": "VULMON",
"id": "CVE-2022-26320"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415478"
},
{
"db": "VULMON",
"id": "CVE-2022-26320"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415478"
},
{
"date": "2022-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26320"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"date": "2022-03-14T18:15:08.123000",
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-415478"
},
{
"date": "2022-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26320"
},
{
"date": "2022-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1379"
},
{
"date": "2024-11-21T06:53:44.970000",
"db": "NVD",
"id": "CVE-2022-26320"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rambus FIPS Security feature vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1379"
}
],
"trust": 0.6
}
}
VAR-201806-0922
Vulnerability from variot - Updated: 2024-11-23 22:34An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** Unsettled ** This case has not been confirmed as a vulnerability. plural Canon The product contains authentication vulnerabilities. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-11692Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CanonLBP6650 and other printers are all Canon's printers. Canon LBP6650, etc. are all printers produced by Japan's Canon (Canon)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "lbp7750c",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp3370",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp3460",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp6650",
"scope": "eq",
"trust": 1.6,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp6650",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp3370",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp3460",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
},
{
"_id": null,
"model": "lbp7750c",
"scope": null,
"trust": 1.4,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-284"
},
{
"db": "NVD",
"id": "CVE-2018-11692"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canon:lbp3370_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:canon:lbp3460_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:canon:lbp6650_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:canon:lbp7750c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
}
]
},
"cve": "CVE-2018-11692",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-11692",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-11784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121577",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-11692",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-11692",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-11692",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-11784",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-284",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121577",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-11692",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11784"
},
{
"db": "VULHUB",
"id": "VHN-121577"
},
{
"db": "VULMON",
"id": "CVE-2018-11692"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-284"
},
{
"db": "NVD",
"id": "CVE-2018-11692"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** Unsettled ** This case has not been confirmed as a vulnerability. plural Canon The product contains authentication vulnerabilities. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-11692Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CanonLBP6650 and other printers are all Canon\u0027s printers. Canon LBP6650, etc. are all printers produced by Japan\u0027s Canon (Canon)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11692"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
},
{
"db": "CNVD",
"id": "CNVD-2018-11784"
},
{
"db": "VULHUB",
"id": "VHN-121577"
},
{
"db": "VULMON",
"id": "CVE-2018-11692"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-11692",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "44844",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-284",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11784",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97328",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-121577",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-11692",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11784"
},
{
"db": "VULHUB",
"id": "VHN-121577"
},
{
"db": "VULMON",
"id": "CVE-2018-11692"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-284"
},
{
"db": "NVD",
"id": "CVE-2018-11692"
}
]
},
"id": "VAR-201806-0922",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11784"
},
{
"db": "VULHUB",
"id": "VHN-121577"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11784"
}
]
},
"last_update_date": "2024-11-23T22:34:15.599000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.usa.canon.com/internet/portal/us/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121577"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
},
{
"db": "NVD",
"id": "CVE-2018-11692"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://gist.github.com/huykha/2dfbe97810e96a05e67359fd9e7cc9ff"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/44844/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11692"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11692"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11784"
},
{
"db": "VULHUB",
"id": "VHN-121577"
},
{
"db": "VULMON",
"id": "CVE-2018-11692"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-284"
},
{
"db": "NVD",
"id": "CVE-2018-11692"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11784",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-121577",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-11692",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006144",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201806-284",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-11692",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11784",
"ident": null
},
{
"date": "2018-06-04T00:00:00",
"db": "VULHUB",
"id": "VHN-121577",
"ident": null
},
{
"date": "2018-06-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11692",
"ident": null
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006144",
"ident": null
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-284",
"ident": null
},
{
"date": "2018-06-04T06:29:00.623000",
"db": "NVD",
"id": "CVE-2018-11692",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11784",
"ident": null
},
{
"date": "2018-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-121577",
"ident": null
},
{
"date": "2018-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11692",
"ident": null
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006144",
"ident": null
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-284",
"ident": null
},
{
"date": "2024-11-21T03:43:50.213000",
"db": "NVD",
"id": "CVE-2018-11692",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-284"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Canon Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006144"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-284"
}
],
"trust": 0.6
}
}
VAR-202011-0485
Vulnerability from variot - Updated: 2024-11-23 22:33An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. Canon MF237w Contains an unspecified vulnerability.Information may be obtained. i-SENSYS MF237w is a four-in-one multifunction laser printer suitable for small offices launched by Canon.
There is an information disclosure vulnerability in i-SENSYS MF237w 06.07. An attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted packet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf244dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp113w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf269dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf237w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": "06.07"
},
{
"model": "mf247dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "ir2202n",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp151dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4570dn",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4580dn",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf217w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf232w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "ir2204n",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "ir2206if",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf249dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf264dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf226dn",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf216n",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf229dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4780w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4870dn",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf212w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "ir2206n",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4890dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "ir2204f",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf267dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf231",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp162dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf113w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf217w",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf216n",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf231",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf232w",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf237w",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf212w",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf244dw",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf229dw",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf113w",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "mf226dn",
"scope": null,
"trust": 0.8,
"vendor": "\u30ad\u30e4\u30ce\u30f3",
"version": null
},
{
"model": "i-sensys mf237w",
"scope": "eq",
"trust": 0.6,
"vendor": "canon",
"version": "6.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"cve": "CVE-2020-16849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-16849",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-06537",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16849",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-16849",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16849",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-16849",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-06537",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-2072",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
},
{
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Canon MF237w 06.07 devices. An \"Improper Handling of Length Parameter Inconsistency\" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. Canon MF237w Contains an unspecified vulnerability.Information may be obtained. i-SENSYS MF237w is a four-in-one multifunction laser printer suitable for small offices launched by Canon. \n\r\n\r\nThere is an information disclosure vulnerability in i-SENSYS MF237w 06.07. An attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted packet",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16849"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "CNVD",
"id": "CNVD-2022-06537"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16849",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-06537",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2072",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
},
{
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"id": "VAR-202011-0485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
}
],
"trust": 1.01666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
}
]
},
"last_update_date": "2024-11-23T22:33:15.803000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0for\u00a0Products\u00a0Connected\u00a0to\u00a0a\u00a0Network",
"trust": 0.8,
"url": "https://www.canon-europe.com/support/product-security/"
},
{
"title": "Patch for i-SENSYS MF237w Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/316071"
},
{
"title": "Canon Mf237w Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135876"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://blog.scadafence.com/vulnerability-report-cve-2020-16849"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16849"
},
{
"trust": 1.6,
"url": "https://www.canon-europe.com/support/product-security/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
},
{
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
},
{
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"date": "2021-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"date": "2020-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2072"
},
{
"date": "2020-11-30T22:15:10.777000",
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-06537"
},
{
"date": "2021-07-15T08:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013892"
},
{
"date": "2020-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-2072"
},
{
"date": "2024-11-21T05:07:15.857000",
"db": "NVD",
"id": "CVE-2020-16849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon\u00a0MF237w\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013892"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-2072"
}
],
"trust": 0.6
}
}
JVNDB-2026-005744
Vulnerability from jvndb - Published: 2026-03-04 10:40 - Updated:2026-03-04 10:40
Severity
Summary
Canon IJ Scan Utility registers Windows services with unquoted file paths
Details
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-005744.html",
"dc:date": "2026-03-04T10:40+09:00",
"dcterms:issued": "2026-03-04T10:40+09:00",
"dcterms:modified": "2026-03-04T10:40+09:00",
"description": "IJ Scan Utility provided by Canon Inc. contains the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/428.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://www.cve.org/CVERecord?id=CVE-2026-1585\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUnquoted search path or element (CWE-428) - CVE-2026-1585\u003c/li\u003e\u003c/ul\u003eCanon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-005744.html",
"sec:cpe": {
"#text": "cpe:/a:canon:ij_scan_utility",
"@product": "IJ Scan Utility",
"@vendor": "Canon Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-005744",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99676444/index.html",
"@id": "JVNVU#99676444",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-1585",
"@id": "CVE-2026-1585",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/428.html",
"@id": "CWE-428",
"@title": "Unquoted Search Path or Element(CWE-428)"
}
],
"title": "Canon IJ Scan Utility registers Windows services with unquoted file paths"
}
JVNDB-2026-001380
Vulnerability from jvndb - Published: 2026-01-19 10:08 - Updated:2026-01-19 10:08
Severity
Summary
Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers
Details
Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below.
- Out-of-bounds write (CWE-787) - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237
- Release of invalid pointer or reference (CWE-763) - CVE-2025-14233
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001380.html",
"dc:date": "2026-01-19T10:08+09:00",
"dcterms:issued": "2026-01-19T10:08+09:00",
"dcterms:modified": "2026-01-19T10:08+09:00",
"description": "Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eOut-of-bounds write (CWE-787) - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237\u003c/li\u003e\u003cli\u003eRelease of invalid pointer or reference (CWE-763) - CVE-2025-14233\u003c/li\u003e\u003c/ul\u003eCanon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001380.html",
"sec:cpe": {
"#text": "cpe:/a:canon:multiple_product",
"@product": "(multiple product)",
"@vendor": "Canon Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-001380",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99107852/index.html",
"@id": "JVNVU#99107852",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14231",
"@id": "CVE-2025-14231",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14232",
"@id": "CVE-2025-14232",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14233",
"@id": "CVE-2025-14233",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14234",
"@id": "CVE-2025-14234",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14235",
"@id": "CVE-2025-14235",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14236",
"@id": "CVE-2025-14236",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-14237",
"@id": "CVE-2025-14237",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/763.html",
"@id": "CWE-763",
"@title": "Release of Invalid Pointer or Reference(CWE-763)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers"
}
JVNDB-2025-014642
Vulnerability from jvndb - Published: 2025-09-30 11:50 - Updated:2025-09-30 11:50
Severity
Summary
Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
Details
Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers contain multiple vulnerabilities listed below.
- Out-of-bounds read (CWE-125) - CVE-2025-7698
- Out-of-bounds write (CWE-787) - CVE-2025-9903
- Reference to unallocated memory (CWE-696) - CVE-2025-9904
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014642.html",
"dc:date": "2025-09-30T11:50+09:00",
"dcterms:issued": "2025-09-30T11:50+09:00",
"dcterms:modified": "2025-09-30T11:50+09:00",
"description": "Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eOut-of-bounds read (CWE-125) - CVE-2025-7698\u003c/li\u003e\r\n\u003cli\u003eOut-of-bounds write (CWE-787) - CVE-2025-9903\u003c/li\u003e\r\n\u003cli\u003eReference to unallocated memory (CWE-696) - CVE-2025-9904\u003c/li\u003e\r\n\u003c/ul\u003e\r\nCanon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Canon Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014642.html",
"sec:cpe": {
"#text": "cpe:/a:canon:multiple_product",
"@product": "(multiple product)",
"@vendor": "Canon Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-014642",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93104961/index.html",
"@id": "JVNVU#93104961",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-7698",
"@id": "CVE-2025-7698",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-9903",
"@id": "CVE-2025-9903",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-9904",
"@id": "CVE-2025-9904",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/696.html",
"@id": "CWE-696",
"@title": "Incorrect Behavior Order(CWE-696)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers"
}
JVNDB-2025-005467
Vulnerability from jvndb - Published: 2025-05-22 15:03 - Updated:2025-05-22 15:03
Severity
Summary
Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers
Details
Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information (CWE-522).
* CVE-2025-3078, CVE-2025-3079
Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| Type | URL | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005467.html",
"dc:date": "2025-05-22T15:03+09:00",
"dcterms:issued": "2025-05-22T15:03+09:00",
"dcterms:modified": "2025-05-22T15:03+09:00",
"description": "Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information (CWE-522).\r\n\r\n * CVE-2025-3078, CVE-2025-3079\r\n\r\nCanon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005467.html",
"sec:cpe": {
"#text": "cpe:/a:canon:multiple_product",
"@product": "(multiple product)",
"@vendor": "Canon Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.7",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-005467",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99563104/index.html",
"@id": "JVNVU#99563104",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-3078",
"@id": "CVE-2025-3078",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-3079",
"@id": "CVE-2025-3079",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/522.html",
"@id": "CWE-522",
"@title": "Insufficiently Protected Credentials(CWE-522)"
}
],
"title": "Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers"
}
JVNDB-2025-002790
Vulnerability from jvndb - Published: 2025-04-02 15:05 - Updated:2025-04-02 15:05
Severity
Summary
Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
Details
Out-of-bounds Write vulnerabilities were found in Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers.
* Out-of-bounds Write vulnerability on curve segmentation (CWE-787) - CVE-2025-0234
* Out-of-bounds Write vulnerability on image rendering (CWE-787) - CVE-2025-0235
* Out-of-bounds Write vulnerability on slope processing during curve rendering
(CWE-787) - CVE-2025-0236
* Out-of-bounds Write vulnerability on EMF records processing (CWE-787) - CVE-2025-1268
Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Canon Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002790.html",
"dc:date": "2025-04-02T15:05+09:00",
"dcterms:issued": "2025-04-02T15:05+09:00",
"dcterms:modified": "2025-04-02T15:05+09:00",
"description": "Out-of-bounds Write vulnerabilities were found in Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers.\r\n\r\n * Out-of-bounds Write vulnerability on curve segmentation (CWE-787) - CVE-2025-0234\r\n * Out-of-bounds Write vulnerability on image rendering (CWE-787) - CVE-2025-0235\r\n * Out-of-bounds Write vulnerability on slope processing during curve rendering \r\n (CWE-787) - CVE-2025-0236\r\n * Out-of-bounds Write vulnerability on EMF records processing (CWE-787) - CVE-2025-1268\r\n\r\nCanon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Canon Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002790.html",
"sec:cpe": {
"#text": "cpe:/a:canon:multiple_product",
"@product": "(multiple product)",
"@vendor": "Canon Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.4",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-002790",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93701955/index.html",
"@id": "JVNVU#93701955",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-0234",
"@id": "CVE-2025-0234",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-0235",
"@id": "CVE-2025-0235",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-0236",
"@id": "CVE-2025-0236",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-1268",
"@id": "CVE-2025-1268",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers"
}
JVNDB-2025-001238
Vulnerability from jvndb - Published: 2025-01-29 13:41 - Updated:2025-05-27 16:06
Severity
Summary
Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
Details
Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787, CVE-2024-12647, CVE-2024-12648, CVE-2024-12649, CVE-2025-2146).
Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001238.html",
"dc:date": "2025-05-27T16:06+09:00",
"dcterms:issued": "2025-01-29T13:41+09:00",
"dcterms:modified": "2025-05-27T16:06+09:00",
"description": "Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787, CVE-2024-12647, CVE-2024-12648, CVE-2024-12649, CVE-2025-2146).\r\n\r\nCanon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001238.html",
"sec:cpe": {
"#text": "cpe:/a:canon:multiple_product",
"@product": "(multiple product)",
"@vendor": "Canon Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-001238",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93455283/index.html",
"@id": "JVNVU#93455283",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-12647",
"@id": "CVE-2024-12647",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-12648",
"@id": "CVE-2024-12648",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-12649",
"@id": "CVE-2024-12649",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-2146",
"@id": "CVE-2025-2146",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers"
}