Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-7411 (GCVE-0-2016-7411)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| https://bugs.php.net/bug.php?id=73052 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://github.com/php/php-src/commit/6a7cc8ff858… | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93009 | vdb-entryx_refsource_BID |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73052"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "93009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=73052"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "93009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "https://bugs.php.net/bug.php?id=73052",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=73052"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "93009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7411",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-7411",
"date": "2026-05-30",
"epss": "0.00597",
"percentile": "0.69718"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-7411\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-09-17T21:59:02.573\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.\"},{\"lang\":\"es\",\"value\":\"ext/standard/var_unserializer.re en PHP en versiones anteriores a 5.6.26 no maneja correctamente los fallos de deserializaci\u00f3n de objeto, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o tener otro posible impacto no especificado a trav\u00e9s de una llamada no serializada que referencia a un objeto construido parcialmente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.6.25\",\"matchCriteriaId\":\"D860D77C-575A-48A1-9475-485D26EF5E41\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2016/09/15/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://www.securityfocus.com/bid/93009\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1036836\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.php.net/bug.php?id=73052\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/201611-22\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/09/15/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://www.securityfocus.com/bid/93009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.php.net/bug.php?id=73052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/201611-22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
VDE-2023-009
Vulnerability from csaf_adstecindustrialitgmbh - Published: 2023-05-08 13:37 - Updated: 2023-05-08 13:37Summary
ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000
Notes
Impact: The affected products integrate the vulnerable libraries in a way so that the vulnerabilities can't be exploited remotely without prior authentication.
Mitigation: It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Remediation: Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CWE-404 - Improper Resource Shutdown or Release
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
CWE-908 - Use of Uninitialized Resource
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
7.5 (High)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
9.8 (Critical)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
7.5 (High)
Mitigation
It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.
Vendor Fix
Update firmware to the latest version available. The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "description",
"text": "The affected products integrate the vulnerable libraries in a way so that the vulnerabilities can\u0027t be exploited remotely without prior authentication.",
"title": "Impact"
},
{
"category": "description",
"text": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@ads-tec.de",
"name": "ads-tec Industrial IT GmbH",
"namespace": "https://www.ads-tec-iit.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-009: ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-009/"
},
{
"category": "self",
"summary": "VDE-2023-009: ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000 - CSAF",
"url": "https://ads-tec-iit.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-009.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.ads-tec-iit.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for ads-tec Industrial IT GmbH",
"url": "https://certvde.com/en/advisories/vendor/ads-tec-iit/"
}
],
"title": "ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000",
"tracking": {
"aliases": [
"VDE-2023-009"
],
"current_release_date": "2023-05-08T13:37:00.000Z",
"generator": {
"date": "2025-04-14T08:26:31.923Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2023-009",
"initial_release_date": "2023-05-08T13:37:00.000Z",
"revision_history": [
{
"date": "2023-05-08T13:37:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IRF1000",
"product": {
"name": "IRF1000",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"DVG-IRF1401, DVG-IRF1421"
]
}
}
},
{
"category": "product_name",
"name": "IRF2000",
"product": {
"name": "IRF2000",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"DVG-IRF2200, DVG-IRF2100, DVG-IRF2220, DVG-IRF2621, DVG-IRF2601"
]
}
}
},
{
"category": "product_name",
"name": "IRF3000",
"product": {
"name": "IRF3000",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"DVG-IRF3401, DVG-IRF3421, DVG-IRF3801. DVG-IRF3821"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.5.0",
"product": {
"name": "Firmware \u003c1.5.0",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c4.4.0",
"product": {
"name": "Firmware \u003c4.4.0",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c1.2.0",
"product": {
"name": "Firmware \u003c1.2.0",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version",
"name": "1.5.0",
"product": {
"name": "Firmware 1.5.0",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "4.4.0",
"product": {
"name": "Firmware 4.4.0",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "1.2.0",
"product": {
"name": "Firmware 1.2.0",
"product_id": "CSAFPID-22003"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "ads-tec Industrial IT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.5.0 installed on IRF1000",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.4.0 installed on IRF2000",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.2.0 installed on IRF3000",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.5.0 installed on IRF1000",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.4.0 installed on IRF2000",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.0 installed on IRF3000",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9425",
"notes": [
{
"category": "description",
"text": "Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2014-9425"
},
{
"cve": "CVE-2014-8142",
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2014-8142"
},
{
"cve": "CVE-2015-2787",
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-2787"
},
{
"cve": "CVE-2015-2348",
"notes": [
{
"category": "description",
"text": "The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \\x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-2348"
},
{
"cve": "CVE-2014-3669",
"notes": [
{
"category": "description",
"text": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2014-3669"
},
{
"cve": "CVE-2015-0231",
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-0231"
},
{
"cve": "CVE-2015-3415",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0\u0026O\u003eO) in a CREATE TABLE statement.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-3415"
},
{
"cve": "CVE-2015-3414",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-3414"
},
{
"cve": "CVE-2015-8876",
"notes": [
{
"category": "description",
"text": "Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2015-8876"
},
{
"cve": "CVE-2015-6835",
"notes": [
{
"category": "description",
"text": "The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2015-6835"
},
{
"cve": "CVE-2015-4602",
"notes": [
{
"category": "description",
"text": "The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2015-4602"
},
{
"cve": "CVE-2016-7411",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-7411"
},
{
"cve": "CVE-2016-7124",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-7124"
},
{
"cve": "CVE-2016-9138",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-9138"
},
{
"cve": "CVE-2016-10161",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-10161"
},
{
"cve": "CVE-2017-8923",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script\u0027s use of .= with a long string.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2017-8923"
},
{
"cve": "CVE-2017-12933",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2017-12933"
},
{
"cve": "CVE-2017-11142",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is recommended to disable all user accounts with restricted configuration write permissions if the update to the latest released version cannot be installed immediately.It is further recommended to use best practice password policies.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update firmware to the latest version available.\u00a0The issues have been resolved with IRF1000 version 1.5.0, IRF2000 version 4.4.0 and IRF3000 version 1.2.0.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2017-11142"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…